Partial site-to-site connectivity

Answered Question
Jul 25th, 2007
User Badges:

I have configured a Ipsec l2l tunnel between two ASA 5505 devices. The VPN-Led is alight on both ASA's. I am able to ping from the inside of the one ASA to the inside of the other ASA, and vice versa. But I am not able to ping from the inside of any ASA to a device on the remote end ? What might be wrong ?


Kjetil

Correct Answer by mattiaseriksson about 9 years 9 months ago

Do the clients on each side know how to get to the remote network? Do they have the ASA as default gateway?


The config looks ok, the NAT config is not complete, so NAT is probably not working but since nat-control is disabled it shouldn't be a problem for the vpn-tunnel.


But if you don't want to configure NAT at all you can remove the "nat (VOIP) 0" statement.


Do a "clear xlate" after any change to the NAT config.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (3 ratings)
Loading.
Jon Marshall Thu, 07/26/2007 - 00:06
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Kjetil


If your VPN is coming up and you are sure it has been established then could you check your crypto access-lists to make sure that you have included the remote network in the list.



Jon

mattiaseriksson Thu, 07/26/2007 - 00:38
User Badges:
  • Bronze, 100 points or more

It can also be a NAT issue or an internal routing problem.


If you attach the configs it will be easier to give you an answer.

Correct Answer
mattiaseriksson Thu, 07/26/2007 - 04:05
User Badges:
  • Bronze, 100 points or more

Do the clients on each side know how to get to the remote network? Do they have the ASA as default gateway?


The config looks ok, the NAT config is not complete, so NAT is probably not working but since nat-control is disabled it shouldn't be a problem for the vpn-tunnel.


But if you don't want to configure NAT at all you can remove the "nat (VOIP) 0" statement.


Do a "clear xlate" after any change to the NAT config.

Actions

This Discussion