Site to site VPN using 2 Cisco ASA 5510

Dec 10th, 2008

Hi All,

I'm trying to set up a site-to-site VPN using two Cisco ASA 5510, version 8, ASDM 6.

I have used the IPSec VPN wizard, picked the site-to-site option, and passed through the process; the configuration was delivered on both devices without errors.

However, when I do a ping to the remote LAN I have no answer. When I use the VPN monitoring options, there are no VPN tunnels. As it seems, the VPN tunnel is not working.

Previously I had set up a GRE site-to-site VPN using 2 Cisco ISR 2801's and, so far, this doesn't look good.

The SDM utility has a troubleshooting utility for VPN connections over ISR's. On the other hand, the VPN debugging with the ASDM is less intuitive.

What CLI command actually makes the VPN connection? And how to check what's missing?

Thanks in advance for any information.

Best Regards,

Igor Sotelo.

mgajew Thu, 12/11/2008 - 01:50

Igor,

1. generate traffic that you have defined as interesting in your crypto ACL

2. from the CLI check:

sh crypto isakmp sa

3. check if you have phase1 in QM_IDLE state (which is what should be seen)

4. from the CLI check:

sh crypto ipsec sa peer _otherendIPaddress_

If you can see SA structures, check if you have packets encapsulated/decapsulated in both directions. If only one direction counter is coming up, check your NAT and routing settings.

HTH
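
The counter check from the last step of the reply above, as an added example that is not part of the original thread: it compares two saved copies of the `sh crypto ipsec sa` output, taken before and after generating interesting traffic, and reports which direction moved for each peer. The sample text is constructed, and the script assumes the output carries `current_peer:` and `#pkts encaps:` / `#pkts decaps:` lines.

```python
import re

# Constructed snapshots in the general shape of "sh crypto ipsec sa" output,
# taken before and after generating interesting traffic. Addresses are
# documentation ranges and the counters are made up.
BEFORE = """\
    Crypto map tag: outside_map, seq num: 20, local addr: 198.51.100.1
      current_peer: 203.0.113.2
      #pkts encaps: 10, #pkts encrypt: 10, #pkts digest: 10
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""
AFTER = BEFORE.replace("encaps: 10", "encaps: 15")

# Assumed field names: current_peer, "#pkts encaps", "#pkts decaps".
FIELD = re.compile(r"current_peer:\s*([^\s,]+)|#pkts (encaps|decaps):\s*(\d+)")

def counters(text):
    """Map peer -> {'encaps': n, 'decaps': n}, summed over that peer's SAs."""
    result, peer = {}, None
    for m in FIELD.finditer(text):
        if m.group(1):
            peer = m.group(1)
            result.setdefault(peer, {"encaps": 0, "decaps": 0})
        elif peer:
            result[peer][m.group(2)] += int(m.group(3))
    return result

def triage(before, after):
    """Classify each peer by which counters moved between the snapshots."""
    old, verdicts = counters(before), {}
    for peer, new in counters(after).items():
        prev = old.get(peer, {"encaps": 0, "decaps": 0})
        enc = new["encaps"] > prev["encaps"]
        dec = new["decaps"] > prev["decaps"]
        if enc and dec:
            verdicts[peer] = "traffic in both directions"
        elif enc:
            verdicts[peer] = "encaps only: check NAT and routing"
        elif dec:
            verdicts[peer] = "decaps only: check NAT and routing"
        else:
            verdicts[peer] = "no tunnel traffic: was interesting traffic generated?"
    return verdicts  # an empty dict means no IPsec SA was listed at all

if __name__ == "__main__":
    for peer, verdict in triage(BEFORE, AFTER).items():
        print(peer, "->", verdict)
```

An empty result corresponds to the "no SA structures" case, where the earlier `sh crypto isakmp sa` check is the place to look.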
