06-27-2010 11:16 AM - edited 02-21-2020 04:42 PM
Hi,
I am creating an IPSEC VPN tunnel between a Cisco ASA and a Cisco Router.
On the Router side, I have two outgoing interfaces to reach the ASA. So, I created a loopback interface, terminated the tunnel on the Loopback, and used the loopback interface as the local-address in the crypto map.
----------------------------------------------------------------------
crypto map abcmap local-address loopback 10
int lo 10
crypto map abcmap
----------------------------------------------------------------------
I am running OSPF in the network. For the routing issue, I created the route-map:
---------------------------------------------------------------------
route-map IPSEC-VPN permit 10
match ip address crypto-acl
set interface loopback 10
ip access-list extended crypto-acl
 permit ip <site-a-lan> 0.0.0.255 <site-b-lan> 0.0.0.255
--------------------------------------------------------------------
Everything is working fine except that I am unable to ping the Router LAN interface from the Tunnel (ASA side), and I am receiving the syslog message (id = 402117): [IPSEC:Received a non-IPSEC packet (protocol=ICMP) from <ip> to <ip>]. Actually, this LAN interface is the source for SNMP/Syslog/TACACS/NTP etc.
Any comments please...
Regards,
Mubasher Sultan
06-27-2010 10:43 PM
Hi Experts,
Any comments please... I am still facing the same issue...
Thanks,
Regards,
Mubasher
06-28-2010 12:14 AM
When you are trying to ping from the ASA end, how did you source the ping? If you are pinging from the ASA itself, and the crypto subnet is for example your inside interface, then you would need to source the ping from the inside interface as follows on the ASA:
ping inside
Otherwise, if you just perform ping as follows from the ASA:
ping
that would be sourced from the outside interface of the ASA.
Further to that, if you are trying to source SNMP, syslog, AAA from the inside interface of the ASA as it is part of the crypto ACL, you would need to specify the inside interface of the corresponding statements.
For example:
logging host inside
snmp-server host inside
aaa-server
Hope that helps.
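An added example (not part of the original thread and not Cisco code): a small Python triage script that groups ASA message 402117 by flow and flags the flows whose addresses fall inside the crypto ACL, meaning the peer sent in cleartext what should have arrived inside the tunnel. The subnets, the log lines and the name `cleartext_flows` are constructed for illustration; the regex follows the message as quoted in the question and tolerates a variant word order as an assumption.

```python
import ipaddress
import re
from collections import Counter

IPV4 = r"\d+(?:\.\d+){3}"
# "packet" may sit before or after the protocol field, depending on wording.
MSG_402117 = re.compile(
    r"402117.*?non-IPSEC\s+(?:packet\s+)?\(protocol=\s*(?P<proto>\w+)\)\s*"
    rf"(?:packet\s+)?from\s+(?P<src>{IPV4})\s+to\s+(?P<dst>{IPV4})",
    re.IGNORECASE,
)

def cleartext_flows(lines, remote_net, local_net):
    """Count 402117 hits per (proto, src, dst); flag flows the crypto ACL covers."""
    remote = ipaddress.ip_network(remote_net)  # peer-side protected subnet
    local = ipaddress.ip_network(local_net)    # ASA-side protected subnet
    hits = Counter()
    for line in lines:
        m = MSG_402117.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:  # e.g. an octet above 255 in a damaged line
            continue
        hits[(m["proto"].upper(), src, dst)] += 1
    return [
        {"proto": p, "src": str(s), "dst": str(d), "count": n,
         "should_be_encrypted": s in remote and d in local}
        for (p, s, d), n in hits.most_common()
    ]

# Constructed sample log lines (not taken from the thread).
SAMPLE = [
    "Jun 27 11:02:10 asa %ASA-4-402117: IPSEC: Received a non-IPSEC packet (protocol=ICMP) from 10.1.1.1 to 10.2.2.5",
    "Jun 27 11:02:11 asa %ASA-4-402117: IPSEC: Received a non-IPSEC packet (protocol=ICMP) from 10.1.1.1 to 10.2.2.5",
    "Jun 27 11:03:40 asa %ASA-4-402117: IPSEC: Received a non-IPSec (protocol= UDP) packet from 10.1.1.1 to 10.2.2.20.",
    "Jun 27 11:04:02 asa %ASA-6-302013: Built outbound TCP connection 17 for outside:192.0.2.9/443",
    "Jun 27 11:05:15 asa %ASA-4-402117: IPSEC: Received a non-IPSEC packet (protocol=ICMP) from 192.0.2.9 to 10.2.2.5",
]

if __name__ == "__main__":
    for row in cleartext_flows(SAMPLE, "10.1.1.0/24", "10.2.2.0/24"):
        print(row)
```

A flow reported with `should_be_encrypted` set to true is one where the remote device answered from a protected address without applying the crypto map, which is the symptom described in the question.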