ASA L2L trouble: tunnel up, traffic doesn't pass

Unanswered Question
Oct 8th, 2008

I've set up a L2L between 2 sites.

Both the ASA nat the traffic to internet with one public IP while another one (the one assigned to the outside interface) is reserved for L2L peering.

The tunnel is up since some day, as the output show crypto ipsec stats shows:

Active tunnels: 1

Previous tunnels: 76

However the traffic won't pass.

When i try to telnet from site A (10.200.200.0/24) to site B (10.100.100.0/24)

the outcome is this:

%ASA-7-609001: Built local-host outside:10.100.100.100

%ASA-3-305005: No translation group found for tcp src test:10.200.200.200/13830 dst outside:10.100.100.100/23

%ASA-7-609002: Teardown local-host outside:10.100.100.100 duration 0:00:00

However my NAT rules are these:

access-list outside_20_cryptomap extended permit ip 10.200.200.0 255.255.255.0 10.100.100.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 10.200.200.0 255.255.255.0 10.100.100.0 255.255.255.0

nat (inside) 0 access-list inside_nat0_outbound

nat-control

global (outside) 1 192.168.168.40

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 access-list nat

It appears clear that this traffic shouldn't be natted, but just tunneled to the other side.

I cant understand then why it is discarded.

Does anyone can give me some suggestion?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Farrukh Haroon Thu, 10/09/2008 - 00:22

Do you have an interface by the name of 'test'? If so, you need to add:

nat (test) 0 access-list inside_nat0_outbound

Regards

Farrukh

Carlo Zaina Fri, 10/10/2008 - 03:41

Thank you for the answer.

I figured the problem the following day and fixed the configuration.

Now all works.

Thank you anyway

Actions

This Discussion