
ASA 5520 VPN

Hi, I am trying to set up a site-to-site VPN between an ASA 5520 and a Check Point firewall using the site-to-site VPN tunnel wizard from the ASDM. The Check Point firewall is configured by the technicians on the third-party site. We verified that all the configurations, including pre-shared keys, are the same, but it is not working.

How do I troubleshoot what the problem is? Is there a way to force the tunnel to connect?

2 Replies

Jon Marshall
Hall of Fame

emmanuel.shoroma wrote:

Hi, I am trying to set up a site-to-site VPN between an ASA 5520 and a Check Point firewall using the site-to-site VPN tunnel wizard from the ASDM. The Check Point firewall is configured by the technicians on the third-party site. We verified that all the configurations, including pre-shared keys, are the same, but it is not working.

How do I troubleshoot what the problem is? Is there a way to force the tunnel to connect?

Emmanuel

You need to do some debugging. The 2 most useful debugs are "debug crypto ipsec" and "debug crypto isa" - see the command reference for details -

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/d1_72.html

To force the tunnel to try and connect you need to generate some "interesting" traffic, i.e. when you set up the VPN you defined the local and remote subnets that were allowed to communicate and on what ports/protocols.

Jon

Hi, Thanks. I managed to see what the problem is. The issue is with the crypto map access lists. When I specify the other site's host network address, I get an error log saying ("no matching crypto map entry for remote proxy 0.0.0.0/0.0.0.0/0/0 local proxy x.x.x.x/x.x.x.x/x/x"). If I allow any on the crypto map access lists to our network x.x.x.x/x.x.x.x, then it works.

Any idea why it can't work when I specify the remote site network, and why it is showing the remote site as 0.0.0.0/0.0.0.0?

Your help will be highly appreciated.

Regards,
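
An added example, not part of the thread and not Cisco's code: it parses the proxy identities out of the message quoted above and checks them against two crypto ACL variants, showing that the remote side (0.0.0.0/0) is what fails against a specific remote network. The sample addresses, the ACL pairs and the containment rule used for matching are assumptions.

```python
import ipaddress
import re

# Proxy identities appear in the message as addr/mask/protocol/port.
PROXY_RE = re.compile(r"remote proxy (?P<remote>\S+)\s+local proxy (?P<local>[^\s)\"]+)")

# Constructed sample: the message from the post with the masked local proxy
# replaced by a made-up network (10.10.0.0/16).
SAMPLE_LOG = ("no matching crypto map entry for remote proxy "
              "0.0.0.0/0.0.0.0/0/0 local proxy 10.10.0.0/255.255.0.0/0/0")

# Constructed crypto ACL entries as (local, remote) pairs, i.e. the two
# variants described in the post: a specific remote network, then "any".
SAMPLE_ACL = [("10.10.0.0/16", "192.168.50.0/24"), ("10.10.0.0/16", "0.0.0.0/0")]


def parse_proxy(text):
    """Turn 'addr/mask/proto/port' into (IPv4Network, proto, port)."""
    addr, mask, proto, port = text.split("/")
    prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False), int(proto), int(port)


def parse_log(line):
    """Return (remote, local) proxy identities from the mismatch message."""
    m = PROXY_RE.search(line)
    if m is None:
        raise ValueError("no proxy identities found in line")
    return parse_proxy(m["remote"]), parse_proxy(m["local"])


def explain(line, crypto_acl):
    """For each ACL entry, report whether the proposed local and remote
    proxies fall inside it (assumed containment model, not ASA's own code)."""
    (remote, _, _), (local, _, _) = parse_log(line)
    rows = []
    for local_cidr, remote_cidr in crypto_acl:
        local_ok = local.subnet_of(ipaddress.ip_network(local_cidr))
        remote_ok = remote.subnet_of(ipaddress.ip_network(remote_cidr))
        rows.append((local_cidr, remote_cidr, local_ok, remote_ok))
    return rows


if __name__ == "__main__":
    for local_cidr, remote_cidr, local_ok, remote_ok in explain(SAMPLE_LOG, SAMPLE_ACL):
        print(f"permit ip {local_cidr} {remote_cidr}: local={local_ok} remote={remote_ok}")
```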
