01-26-2010 07:35 PM
I have a 5505 and 5510 configured with an L2L IPsec tunnel. The tunnel comes up, but inside traffic does not pass between sites.
I'm attaching the configs for each side.
Any help would be great.
Thank you.
Ed
01-26-2010 09:24 PM
Your NAT exempt rule does not reflect your crypto map access list in your ASA5505 office2 configuration.
You have:
access-list outside_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
crypto map outside_map 1 match address outside_cryptomap_1
Your current nat inside statement is: nat (inside) 0 access-list nonat
Change the NAT exempt rule to: nat (inside) 0 access-list outside_cryptomap_1
Try those changes and post results.
Regards
01-28-2010 09:44 AM
Hi Eddie, has your issue been resolved or do you still have problems?
Rgds
01-28-2010 02:57 PM
Hello Jorge,
No, that didn't work. I removed all the VPN commands and created the tunnels again, to no avail.
The tunnel comes up but I cannot ping the inside interface of the other side.
Any other thoughts?
Thank you,
Eddie Lee
01-28-2010 04:13 PM
Hi,
The VPN configuration seems to be fine. Can you send the debugs from the firewalls?
debug crypto isakmp 200
debug crypto ipsec 200
Try to add the command "sysopt connection permit vpn" on both ASAs.
Regards,
Pradhuman