
ASA to ASA tunnel not working

giedriusr
Level 1

I am trying to set up an L2L tunnel between 2 ASA devices. The tunnel establishes, but when I try to ping from site l1 to site r1 I see that ICMP passes to the tunnel but is not received back. Tunnel TX increased.

On the r1 site I see that tunnel RX increased but not TX. The ACL seems to be the same. What could be the problem?

Attached running configs: r1 and l1.

11 Replies

andrew.prince
Level 10

Check your no-nat config.

Fixed NAT on r1 to

nat (inside) 0 access-list nonat

nat (inside) 1 10.20.30.0 255.255.255.0

but nothing helps.

Make sure the no-nat on both sides is relevant, e.g.:

L1

no-nat permit ip <> <>

R1

no-nat permit ip <> <>

I have checked or even disabled NAT on both sites.

When I do packet tracer on the r1 ASA I got strange output.

I have a rule on r1 to permit <> <>

Even after it there is permit any any on the r1 inside interface, but the tracer said that the packet was dropped by the implicit rule deny any any.

Post the configs again - removing sensitive information.

Here it is.

Forgot to attach.

Post the output of the "show crypto ipsec sa" from both sides.

Here it is.

This issue is on the R1 side - check, check and re-check all config, no-nat, interesting traffic, IP routes etc.

I know that it is in r1, but where?

I recreated the IPsec tunnel from the beginning on r1, but now when I am trying to initiate the tunnel from the r1 side I get

Routing failed to locate next hop for icmp from NP Identity Ifc:10.20.30.1/0 to inside:10.89.48.1/0

If I am trying to establish the tunnel from the l1 side it comes up, but no reply from r1 to the l1 side.
