Hello,
I have configured the tunnel between router-ASA. The tunnel is up but there is no reachability means, Not able to ping remote LAN IP.
1) At Router end, I am able view the encap packet,but No DECAP packets under "sh cry ipsec sa"(other tunnel are working fine except this)
2) At ASA end, I am unable to view local,remote peer IP pool under "sh cry ipsec sa'
3) Other tunnels configured on ASA which is working fine(other tunnel with PIX,ASA). This is the only one tunnel peering with router.
I am suspecting with ASA IOS? as its seems to be old IOS need you suggestions on this
Config details:
--------------
Config details @ A(ROUTER 2811 ,Version 12.4(9)T5)
==================================================
crypto isakmp key xxxxx address 2.2.2.2
crypto map VPN 100 ipsec-isakmp
description IPSec VPN to Baltimore
set peer 2.2.2.2
set transform-set 3des-set
match address 175
access-list 175 permit ip 172.16.21.0 0.0.0.255 10.50.0.0 0.0.255.255
Extended IP access list 110
361 deny ip 172.16.21.0 0.0.0.255 10.50.0.0 0.0.255.255
ip nat inside source list 110 pool NAT-POOL overload
===============================
Config at B (ASA 5510, 7.0(8)
===============================
crypto map VPN 30 match address 123
crypto map VPN 30 set peer <1.1.1.1>
crypto map VPN 30 set transform-set strong
Regards
sateesh
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
pre-shared-key xxxxx
access-list 123 extended permit ip 10.50.0.0 255.255.0.0 172.16.21.0 255.255.
access-list nonat extended permit 10.50.0.0 255.255.0.0 172.16.21.0 255.255.255.0
=========================================