ASA L2L trouble: tunnel up, traffic doesn't pass

Oct 8th, 2008

I've set up an L2L between 2 sites.

Both ASAs NAT the traffic to the internet with one public IP, while another one (the one assigned to the outside interface) is reserved for L2L peering.


The tunnel has been up for some days, as the output of show crypto ipsec stats shows:

Active tunnels: 1

Previous tunnels: 76

However the traffic won't pass.

When I try to telnet from site A (10.200.200.0/24) to site B (10.100.100.0/24), the outcome is this:


%ASA-7-609001: Built local-host outside:10.100.100.100

%ASA-3-305005: No translation group found for tcp src test:10.200.200.200/13830 dst outside:10.100.100.100/23

%ASA-7-609002: Teardown local-host outside:10.100.100.100 duration 0:00:00


However my NAT rules are these:

access-list outside_20_cryptomap extended permit ip 10.200.200.0 255.255.255.0 10.100.100.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 10.200.200.0 255.255.255.0 10.100.100.0 255.255.255.0

nat (inside) 0 access-list inside_nat0_outbound

nat-control

global (outside) 1 192.168.168.40

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 access-list nat


It appears clear that this traffic shouldn't be natted, but just tunneled to the other side.

I can't understand then why it is discarded.

Can anyone give me some suggestions?

Farrukh Haroon Thu, 10/09/2008 - 00:22

Do you have an interface by the name of 'test'? If so, you need to add:


nat (test) 0 access-list inside_nat0_outbound


Regards


Farrukh
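
The check suggested in the reply above, as an added example that is not part of the original thread: it takes the 305005 drop and the NAT lines quoted in the question, and reports which interface the packet arrived on versus which interfaces actually carry a matching NAT exemption. The function names are hypothetical, the sample input is built from the lines posted above, and only ACEs written as network/mask pairs are handled.

```python
import ipaddress
import re

# Constructed sample input, built from the log and config lines quoted in the thread.
SYSLOG = """\
%ASA-7-609001: Built local-host outside:10.100.100.100
%ASA-3-305005: No translation group found for tcp src test:10.200.200.200/13830 dst outside:10.100.100.100/23
%ASA-7-609002: Teardown local-host outside:10.100.100.100 duration 0:00:00
"""
CONFIG = """\
access-list inside_nat0_outbound extended permit ip 10.200.200.0 255.255.255.0 10.100.100.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 access-list nat
"""

MSG = re.compile(r"%ASA-3-305005: .* src (\S+?):([\d.]+)/\d+ dst (\S+?):([\d.]+)/\d+")
# Assumption: ACEs use the "permit ip <net> <mask> <net> <mask>" form shown in the thread.
ACE = re.compile(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)")
NAT0 = re.compile(r"nat \((\S+)\) 0 access-list (\S+)")

def parse_config(text):
    """Return (acls, exempt): ACL name -> [(src_net, dst_net)], interface -> [ACL names]."""
    acls, exempt = {}, {}
    for line in text.splitlines():
        if m := ACE.match(line):
            name, s, sm, d, dm = m.groups()
            acls.setdefault(name, []).append(
                (ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}")))
        elif m := NAT0.match(line):
            exempt.setdefault(m.group(1), []).append(m.group(2))
    return acls, exempt

def diagnose(syslog, config):
    """For each 305005 drop, list the interfaces whose nat 0 ACL matches the flow."""
    acls, exempt = parse_config(config)
    findings = []
    for m in MSG.finditer(syslog):
        ifc, src, _dst_ifc, dst = m.groups()
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        covering = sorted(i for i, names in exempt.items()
                          if any(s in sn and d in dn
                                 for n in names for sn, dn in acls.get(n, [])))
        findings.append({"ingress": ifc, "flow": (src, dst),
                         "exempt_on_ingress": ifc in covering, "exempt_on": covering})
    return findings
```

On the posted input the single finding has ingress "test" while the exemption exists only on "inside", which is the mismatch the reply points at.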

Carlo Zaina Fri, 10/10/2008 - 03:41

Thank you for the answer.

I figured out the problem the following day and fixed the configuration.


Now all works.

Thank you anyway.
