Tunnel issue

Unanswered Question
Mar 16th, 2010

Hi,


I have set up the tunnel in my test lab and am able to reach the peer firewall IP. ISAKMP is up but IPsec is not working, meaning I am unable to reach the inside network of the other side.




Config attached. Any suggestions/feedback?


Regards

Sateesh

andrew.prince@m... Tue, 03/16/2010 - 14:49

Your error is on Firewall A:-


crypto map VPN 70 match address TEST


The ACL TEST does not exist. Create it:


access-list TEST permit ip host 192.168.200.2 host 192.168.100.2


Test again.
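
The check from the reply above, as an added example that is not part of the original thread: it flags a crypto map whose "match address" ACL is never defined and, going one step beyond the thread, verifies that each crypto ACL entry is mirrored on the peer. The sample configs are constructed; the Firewall B ACL name TEST_B and its entry are assumptions.

```python
import re

# Constructed sample configs (not the thread's attachment). Firewall A has the
# fault from the reply above: crypto map VPN references ACL TEST, never defined.
FW_A = "crypto map VPN 70 ipsec-isakmp\ncrypto map VPN 70 match address TEST\n"
FW_A_FIXED = FW_A + "access-list TEST permit ip host 192.168.200.2 host 192.168.100.2\n"
# Assumed peer config: ACL name TEST_B and its mirrored entry are hypothetical.
FW_B = ("access-list TEST_B permit ip host 192.168.100.2 host 192.168.200.2\n"
        "crypto map VPN 70 match address TEST_B\n")

MATCH_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)", re.M)
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?permit ip (.+)$", re.M)

def parse_endpoints(spec):
    """Split 'host A host B', 'NET MASK NET MASK' or 'any' forms into (src, dst)."""
    toks, ends = spec.split(), []
    while toks:
        n = 1 if toks[0] == "any" else 2
        ends.append(" ".join(toks[:n]))
        toks = toks[n:]
    return tuple(ends) if len(ends) == 2 else None  # None: unsupported syntax

def crypto_selectors(config):
    """Map each ACL referenced by a crypto map to its set of (src, dst) pairs.
    A referenced ACL with no entries maps to an empty set (dangling reference)."""
    acls = {}
    for name, spec in ACL_RE.findall(config):
        pair = parse_endpoints(spec)
        if pair:
            acls.setdefault(name, set()).add(pair)
    return {acl: acls.get(acl, set()) for _, _, acl in MATCH_RE.findall(config)}

def audit(local, peer):
    """List undefined crypto ACLs and selectors the peer does not mirror."""
    findings = []
    peer_pairs = set().union(*crypto_selectors(peer).values())
    for acl, pairs in crypto_selectors(local).items():
        if not pairs:
            findings.append(f"crypto ACL {acl} is referenced but not defined")
        for src, dst in sorted(pairs):
            if (dst, src) not in peer_pairs:
                findings.append(f"{acl}: {src} -> {dst} has no mirror on peer")
    return findings

if __name__ == "__main__":
    for label, cfg in (("before fix", FW_A), ("after fix", FW_A_FIXED)):
        print(label, audit(cfg, FW_B))
```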

sateeshk10 Tue, 03/16/2010 - 14:51

I have modified it... but still the same problem.


Regards

Sateesh

andrew.prince@m... Tue, 03/16/2010 - 15:05

Post the output of "show crypto isakmp sa" & "show crypto ipsec sa" from both ends when the tunnel is established.

sateeshk10 Tue, 03/16/2010 - 15:19

Hi,


The required output is attached.


A - 506E PIX (6.2(2)) ---- do I need to upgrade to the next version, or any suggestions on that?

B - 5510 ASA


Regards

sateesh

andrew.prince@m... Wed, 03/17/2010 - 01:04

The tunnel has formed OK - traffic is being encrypted by Firewall B, and unencrypted by Firewall A.  However, the issue is that Firewall A is not encrypting any traffic; this could be for 2 reasons:-


1) The crypto tunnel has formed incorrectly, even though everything looks OK - reboot the firewall

2) There is a routing issue - check that the end device on network firewall A is receiving the traffic and can respond/route correctly.


HTH
