L2L Vpn. tunnel is up but no routing between sites.

Unanswered Question
JORGE RODRIGUEZ Tue, 01/26/2010 - 21:24

your nat exempt rule does not reflect your crypto map access list in your asa5505 office2 configuration

you have

access-list outside_cryptomap_1 extended permit ip

crypto map outside_map 1 match address outside_cryptomap_1

your current  nat inside statement is : nat (inside) 0 access-list nonat

change the nat exempt  rule to :  nat (inside) 0 access-list outside_cryptomap_1

try those changes and post results.


pudawat Thu, 01/28/2010 - 16:13


The VPN confguration seems to be fine.Can you send the debugs from the firewalls.

debug crypto isakmp 200

debug crypto ipsec 200

try to add the command "sysopt connection permit vpn" on both the ASA




This Discussion

Related Content