Tunnel issue

sateeshk10
Level 1

Hi,

I have set up the tunnel in my test lab and am able to reach the peer IP firewall. ISAKMP is up but IPsec is not working, meaning I am unable to reach the inside network of the other side.

Config attached. Any suggestions/feedback?

Regards

Sateesh

5 Replies

andrew.prince
Level 10

Your error is on Firewall A:-

crypto map VPN 70 match address TEST

The ACL TEST does not exist. Create it:

access-list TEST permit ip host 192.168.200.2 host 192.168.100.2

Test again.

I have modified it... but still the same problem.

Regards

Sateesh

Post the output of "show crypto isakmp sa" & "show crypto ipsec sa" from both ends when the tunnel is established.

Hi,

The required output is attached.

A - 506E PIX (6.2(2)) ---- do I need to upgrade to next, or any suggestions on that?

B- 5510 ASA

Regards

sateesh

The tunnel has formed OK - traffic is being encrypted by Firewall B, and unencrypted by Firewall A. However, the issue is that Firewall A is not encrypting any traffic; this could be for 2 reasons:-

1) The crypto tunnel has formed incorrectly, even though everything looks OK - reboot the firewall

2) There is a routing issue - check that the end device on network Firewall A is receiving the traffic and can respond/route correctly.

HTH
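The one-way pattern described in the last reply (Firewall B encrypting, Firewall A only decrypting) shows up in the encaps/decaps counters of "show crypto ipsec sa". The following is an added example, not part of the original thread: it parses that output from both ends and classifies each side. The sample output is constructed (the thread's attachments are not reproduced here) and the function names are this example's own.

```python
import re

# Constructed sample output, not the attachments from this thread. Counter
# values are invented to reproduce the one-way pattern described in the reply.
FIREWALL_A = """\
   local  ident (addr/mask/prot/port): (192.168.200.2/255.255.255.255/0/0)
   remote ident (addr/mask/prot/port): (192.168.100.2/255.255.255.255/0/0)
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 12, #pkts decrypt: 12, #pkts verify 12
"""
FIREWALL_B = """\
      local ident (addr/mask/prot/port): (192.168.100.2/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (192.168.200.2/255.255.255.255/0/0)
      #pkts encaps: 12, #pkts encrypt: 12, #pkts digest: 12
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

IDENT = re.compile(r"(local|remote)\s+ident \(addr/mask/prot/port\): \(([\d.]+/[\d.]+)/")
COUNT = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sas(text):
    """Return one dict per SA: proxy identities plus encaps/decaps counters."""
    sas = []
    for line in text.splitlines():
        m = IDENT.search(line)
        if m and m.group(1) == "local":
            sas.append({"encaps": 0, "decaps": 0})   # a local ident starts a new SA
        if m and sas:
            sas[-1][m.group(1)] = m.group(2)
        for name, value in COUNT.findall(line):
            if sas:
                sas[-1][name] = int(value)
    return sas

def direction(sa):
    """Classify an SA by which counters have moved."""
    enc, dec = sa["encaps"] > 0, sa["decaps"] > 0
    return {(True, True): "both", (False, True): "decrypt-only",
            (True, False): "encrypt-only", (False, False): "idle"}[(enc, dec)]

def mirrored(a, b):
    """Proxy identities must be exact mirrors or the peers select different traffic."""
    return a.get("local") == b.get("remote") and a.get("remote") == b.get("local")

if __name__ == "__main__":
    a, b = parse_sas(FIREWALL_A)[0], parse_sas(FIREWALL_B)[0]
    print("Firewall A:", direction(a), "| Firewall B:", direction(b))
    print("proxy identities mirrored:", mirrored(a, b))
```

A "decrypt-only" side is the one to investigate: its crypto ACL is not matching the return traffic, or the return traffic never reaches it.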
