Interesting issue (VPN tunnel)

Jul 14th, 2009


I have configured the tunnel between a router and an ASA. The tunnel is up but there is no reachability, meaning I am not able to ping the remote LAN IP.

1) At the router end, I am able to view the encaps packets, but no decaps packets under "sh cry ipsec sa" (the other tunnels are working fine except this one).

2) At the ASA end, I am unable to view the local and remote peer IP pool under "sh cry ipsec sa".

3) The other tunnels configured on the ASA are working fine (other tunnels with PIX, ASA). This is the only tunnel peering with a router.

I suspect the ASA IOS, as it seems to be an old IOS. I need your suggestions on this.

Config details:


Config details @ A (Router 2811, Version 12.4(9)T5)


crypto isakmp key xxxxx address

crypto map VPN 100 ipsec-isakmp

description IPSec VPN to Baltimore

set peer

set transform-set 3des-set

match address 175

access-list 175 permit ip

Extended IP access list 110

361 deny ip

ip nat inside source list 110 pool NAT-POOL overload


Config at B (ASA 5510, 7.0(8))


crypto map VPN 30 match address 123

crypto map VPN 30 set peer <>

crypto map VPN 30 set transform-set strong



tunnel-group type ipsec-l2l

tunnel-group ipsec-attributes

pre-shared-key xxxxx

access-list 123 extended permit ip 255.255.

access-list nonat extended permit


CCDECCDE9 Mon, 07/20/2009 - 10:55

Are you allowing UDP 50 and 5000 to come in to the ASA?

