05-15-2008 07:43 AM - edited 02-21-2020 03:43 PM
I configured my 5520 ASA as the server and configured the 5505 as the client. My internal network behind the 5520 can ping the remote device 5505, and the PC behind the 5505 can ping the 5520, but I can't pass traffic from PC to PC. The rules are there, routes are there, and I believe the NAT statement is correct. I'm not sure what's going on. This is the first time I have set up Easy VPN; I usually do L2L, but I want to be able to hand these devices out without knowing the far-end peer IP.
Any ideas? I have it in a lab right now; the 5520 connects to an L3 switch and the ASAs are connected to each other. The VPN comes up right away but I do anything other than that!
05-21-2008 11:54 AM
Verify your output of "show crypto ipsec sa" from both sides, and verify your ACL and NAT.
05-21-2008 12:00 PM
Yeah, I've done that. Packets are getting encrypted and decrypted on both ASAs, and the tunnel is up. ACLs allow everything, and I also have the checkbox checked for VPN to bypass access lists. NAT seems to be fine, but if anything, that could be the problem.
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 0.0.0.0 0.0.0.0
route Outside 0.0.0.0 0.0.0.0 OUTSIDE_INT 1
access-list Inside_nat0_outbound extended permit ip 10.16.0.0 255.255.0.0 10.27.34.0 255.255.255.0