site to site VPN via ASA5540 question

Unanswered Question
Nov 8th, 2007

here is the basic info:


access-list public-2 extended permit ip host 163.148.20.105 101.161.0.0 255.255.0.0


global (Outside) 3 112.129.231.142

nat (Inside) 3 access-list public-2


crypto map Outside-map 10 match address Outside_20_cryptomap

crypto map Outside-map 10 set peer 163.148.20.105

crypto map Outside-map 10 set transform-set ESP-3DES-SHA

crypto map Outside-map interface Outside

crypto isakmp enable Outside


crypto isakmp policy 15

authentication pre-share

encryption 3des

hash sha

group 1

lifetime 28800


tunnel-group 163.148.20.98 type ipsec-l2l

tunnel-group 163.148.20.98 ipsec-attributes

pre-shared-key *

tunnel-group 163.148.20.105 type ipsec-l2l

tunnel-group 163.148.20.105 ipsec-attributes

pre-shared-key *


=======================================

the other end does not see any data.

the other VPN box is 163.148.20.98


But we are trying to tunnel to 163.148.20.105 .


The outside interface is 112.129.230.13


Can you see any problem with the config?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
thult Tue, 11/13/2007 - 01:56

Please explain the following:

"the other VPN box is 163.148.20.98

But we are trying to tunnel to 163.148.20.105"


What are the crypto endpoint and what address(es) do you want to include in the tunnel?

Do the other side use NAT/PAT to the .105 address?


Please show how you configured the "Outside_20_cryptomap" access-list.

Actions

This Discussion