tunnel up but no ping from asa inside interface

Answered Question
Oct 8th, 2009

Dear All

I am establishing a VPN tunnel between a Cisco ASA 5510 and a Cisco router. The tunnel is up and I can ping both crypto interfaces. Also, from the ASA console I can ping the LAN interface of the router, but from the router I cannot ping the LAN interface of the ASA. This message shows up in the log:

%ASA-3-713042: IKE Initiator unable to find policy: Intf liaison_BLR, Src: 128.223.125.232, Dst: 129.223.123.234

Here is the config of the equipment.

I was able to successfully establish an IPsec tunnel with another 1841 router. I have 1 hub site and 3 remote sites, with the ASA as hub.


Please Help.




Correct Answer
auraza Thu, 10/08/2009 - 13:46

Your crypto ACLs aren't matching. They need to be exact mirrors of each other.


Also, you may want to consider fixing the security-levels on the interfaces. They are all set to 0. Set the internal/private ones to a higher value.


Let me know how it goes.


PS. If you find this post helpful, please rate it.
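
The mirror requirement from the answer above, as an added example that is not part of the thread: a small checker that normalizes ASA netmasks and IOS wildcard masks and reports crypto ACL entries that have no swapped source/destination twin on the peer. The ACL names and subnets are constructed sample values, since the posted configs are not on this page.

```python
import ipaddress

def _take_net(tokens, wildcard):
    """Consume one address spec (any | host A | A MASK) and return a network."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = ipaddress.ip_address(tokens.pop(0))
    if wildcard:  # IOS wildcard mask is the bitwise inverse of a netmask
        mask = ipaddress.ip_address(int(mask) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tok}/{mask}", strict=False)

def parse_acl(text, wildcard):
    """Return the set of (protocol, src, dst) permit entries in an ACL."""
    entries = set()
    for line in text.splitlines():
        tokens = line.split()
        if "permit" not in tokens:
            continue
        tokens = tokens[tokens.index("permit") + 1:]
        proto = tokens.pop(0)
        src = _take_net(tokens, wildcard)
        dst = _take_net(tokens, wildcard)
        entries.add((proto, src, dst))
    return entries

def mirror_mismatches(asa_acl, ios_acl):
    """Compare from the ASA's point of view: IOS entries are swapped first."""
    asa = parse_acl(asa_acl, wildcard=False)
    ios_mirrored = {(p, d, s) for p, s, d in parse_acl(ios_acl, wildcard=True)}
    return {"asa_only": asa - ios_mirrored, "ios_only": ios_mirrored - asa}

# Constructed sample ACLs (hypothetical names and subnets).
ASA_ACL = """\
access-list VPN_BLR extended permit ip 10.1.0.0 255.255.0.0 10.20.30.0 255.255.255.0
access-list VPN_BLR extended permit ip host 10.1.5.9 10.20.30.0 255.255.255.0"""
IOS_ACL_OK = """\
access-list 110 permit ip 10.20.30.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 10.20.30.0 0.0.0.255 host 10.1.5.9"""
IOS_ACL_BAD = """\
access-list 110 permit ip 10.20.30.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 10.20.30.0 0.0.0.255 host 10.1.5.9"""

if __name__ == "__main__":
    print(mirror_mismatches(ASA_ACL, IOS_ACL_OK))   # both sets empty
    print(mirror_mismatches(ASA_ACL, IOS_ACL_BAD))  # /16 vs /24 mismatch
```

Any entry reported under `asa_only` or `ios_only` describes traffic that one peer treats as interesting and the other does not, so both ACLs should be corrected until both sets are empty.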

kolawole1 Fri, 10/09/2009 - 14:11

Thank you, I was able to solve the issue; it was the matching of the access-lists.

Thanks big Boss

Thanks to the Netpro community.

rimbertr1 Mon, 10/12/2009 - 12:04

Make sure you are using the lan interface of your router to ping (by default the router will use the external interface - the crypto interface). Type ping with no other parameters and make sure to choose 'y' for extended commands to choose which interface to use to ping.
