site-to-site with ASA 5505

Ivan Martinon Wed, 02/03/2010 - 13:06
User Badges:
  • Cisco Employee,

Tunnel config is OK. Have you tried passing traffic through the tunnel to bring it up? Enable the following command on both firewalls:

management-access inside

Then go ahead and do a ping inside from the asa-atl firewall. Do you get replies? Does the tunnel seem to come up?

Ivan Martinon Wed, 02/03/2010 - 19:30

OK, turn on the following debug on both boxes and try again: debug crypto isakmp 50

Ping again with ping inside... and see what debug output you get on both; paste it here please.

Ivan Martinon Mon, 02/08/2010 - 07:08

No magic there, the only thing we did was to allow the ASA to send pings sourced from its inside interface, which will then match the interesting crypto ACL and then bring the tunnel up. The management-access command helps with administration of the ASA via an IPsec tunnel for HTTPS, Telnet, SSH and some other features.

As for your tunnel, you always need to pass traffic for the tunnel to be built.
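The reasoning in the reply above, as an added example that is not part of the original thread: a simplified Python model of why a ping sourced from the inside interface matches the crypto ACL while a default ASA-originated ping does not. The addresses, the ACL entry and the function names are constructed assumptions, since the thread does not show the actual configuration.

```python
# Added illustration, not code from the thread. All addresses are constructed.
from ipaddress import ip_address, ip_network

# Hypothetical addressing for the local ASA (asa-atl in the thread).
INTERFACES = {
    "inside": ip_address("192.168.10.1"),
    "outside": ip_address("203.0.113.2"),
}
# Hypothetical crypto ACL: permit ip <local inside net> <remote inside net>.
CRYPTO_ACL = [
    (ip_network("192.168.10.0/24"), ip_network("192.168.20.0/24")),
]


def matches_crypto_acl(src, dst, acl=CRYPTO_ACL):
    """True if src -> dst is 'interesting' traffic that should build the tunnel."""
    return any(src in s and dst in d for s, d in acl)


def ping_triggers_tunnel(dst, source_interface=None, management_access=None):
    """Simplified model of whether an ASA-originated ping can bring the tunnel up.

    With no interface given, the packet is sourced from the egress (outside)
    address. Using the inside address across the tunnel is modelled as
    requiring 'management-access inside', as described in the thread.
    """
    dst = ip_address(dst)
    if source_interface is None:
        source_interface = "outside"
    if source_interface != "outside" and management_access != source_interface:
        return False  # inside address is not usable through the tunnel
    return matches_crypto_acl(INTERFACES[source_interface], dst)


if __name__ == "__main__":
    remote_host = "192.168.20.1"  # constructed remote inside address
    cases = [
        ("ping <host>", None, None),
        ("ping inside <host>, no management-access", "inside", None),
        ("ping inside <host>, management-access inside", "inside", "inside"),
    ]
    for label, iface, mgmt in cases:
        result = ping_triggers_tunnel(remote_host, iface, mgmt)
        print(f"{label:48s} -> tunnel triggered: {result}")
```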

sarat1317 Fri, 03/05/2010 - 09:23

This helped resolve my issue as well, and I didn't have to call the client to test. Thank you.

