5510 Multiple Tunnels

macmad · ‎03-12-2009

I have an ASA 5510 that has Remote Access VPN and a Lan-To-Lan set up and working great. Local nets and users on the RA net can access networks across the Lan-To-Lan no issues. I added a second Lan-To-Lan to another site and only the local network can access the remote network. Remote Access users can not. They can still access the original tunnel network, but not the second tunnel network.

The other end in this case is a Juniper firewall. Any ideas? My crypto map has the two L2L tunnels listed first and then the RA tunnel. Again, this works great on another L2L, just not this new one.

Ivan Martinon · ‎03-12-2009

You need to make sure that this particular lan to lan tunnel contains the pool of the vpn client defined as part of the local network going to the remote (juniper side) network and the remote juniper should have the same in a mirrored way.

macmad · ‎03-13-2009

It does. It is configured for the local net and the RA net to communicate with teh network on the remote end. Another L2L tunnel on the same ASA works fine, but this one to the Juniper does not. Any known issues with Tunnels to Juniper FW's?

JamesLuther · ‎03-13-2009

Hi,

It might be worth looking at the actual subnets that have been negotiated in the SA for each peer. Type

sh crypto ipsec sa

and check the lines "local ident" for each peer. For the first L2L tunnel what is it negotiated (maybe 0.0.0.0?)

It might just be the remote end hasn't configured your RA pool.

Regards

macmad · ‎03-13-2009

Thanks James. The negotiated SA shows the correct subnets configured but shows errors related to the RA network SA so it seems the problem is on the Juniper side. The admin on the other end says the network/mask is correct but unfortunately I don't have access to confirm that.

Ivan Martinon · ‎03-13-2009

can you post your config, along with the show crypto ipsec sa

macmad · ‎03-13-2009

Sure. Here's the relevant parts of the config (IP's modified) as well as the show crypto ipsec sa output. Thanks!!