L2L VPN. Tunnel is up but no routing between sites.

elee
Level 1

I have a 5505 and 5510 configured with an L2L IPsec tunnel. The tunnel comes up, but inside traffic does not pass between sites.

I'm attaching the configs for each side.

Any help would be great.

Thank you.

Ed

4 Replies

JORGE RODRIGUEZ
Level 10

Your NAT exempt rule does not reflect your crypto map access list in your ASA5505 office2 configuration.

You have:

access-list outside_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0


crypto map outside_map 1 match address outside_cryptomap_1


Your current nat inside statement is: nat (inside) 0 access-list nonat

Change the NAT exempt rule to: nat (inside) 0 access-list outside_cryptomap_1

Try those changes and post results.


Regards

Jorge Rodriguez

Hi Eddie, has your issue been resolved or do you still have problems?

Rgds

Jorge Rodriguez

Hello Jorge,

No, that didn't work. I removed all the VPN commands and created the tunnels again to no avail.

The tunnel comes up but I cannot ping the inside interface of the other side.

Any other thoughts?

Thank you,

Eddie Lee

Hi,

The VPN configuration seems to be fine. Can you send the debugs from the firewalls?

debug crypto isakmp 200

debug crypto ipsec 200

Try to add the command "sysopt connection permit-vpn" on both ASAs.

Regards,

Pradhuman