L2L VPN between ASA and IOS

Sep 24th, 2010

Hi All,

I've set up an L2L VPN between an ASA and an IOS router. The tunnel is up and running, but no traffic is encrypted on the ASA and no traffic is decrypted on the IOS router. On the ASA I am using NAT, but on the IOS router NAT is not being used, and all traffic from the router must be passed through the tunnel.

Any suggestions would be very much appreciated.


amitaaga (Cisco Employee) Fri, 09/24/2010 - 12:57

Hi Alex,

Are you doing NAT for VPN traffic on the ASA, or is it for the Internet traffic?

What is the crypto ACL configured on both sides?

Also, what happens when VPN traffic is initiated from behind the router? Do you see any encaps on the router and decaps on the ASA then?


manish arora Fri, 09/24/2010 - 13:48


Change the ACL on the ASA and the router as follows:

On the ASA (outside interface a.b.c.d):

access-list crypto-acl extended permit ip host a.b.c.d host x.y.z.u

There should be a no-NAT or NAT-exempt entry for traffic on the ASA that is going to the router.

On the router (interface IP address x.y.z.u):

ip access-list extended crypto-acl
 permit ip host x.y.z.u host a.b.c.d

This should work. If you have similar settings but it isn't working, then please post the configuration without public IPs for review.
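
Crypto ACLs on the two peers are expected to be mirror images of each other, as the pair in the reply above is; the ASA writes subnet masks while IOS writes wildcard masks, which makes the comparison easy to get wrong by eye. The following check is an added example, not part of the thread: the addresses are constructed documentation-range values, the function names are hypothetical, and only "permit ip" entries are handled.

```python
import ipaddress

# Constructed sample ACLs (documentation-range addresses, not from the thread).
ASA_ACL = """
access-list crypto-acl extended permit ip host 192.0.2.1 host 198.51.100.1
access-list crypto-acl extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
"""
IOS_ACL = """
ip access-list extended crypto-acl
 permit ip host 198.51.100.1 host 192.0.2.1
 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
"""

def _take(tokens, wildcard):
    """Consume one address spec; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    mask = ipaddress.ip_address(tokens[1])
    if wildcard:  # IOS ACLs use wildcard masks; invert to a netmask
        mask = ipaddress.ip_address(int(mask) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tokens[0]}/{mask}"), tokens[2:]

def selectors(config, wildcard):
    """Set of (source, destination) networks from 'permit ip' entries."""
    found = set()
    for line in config.splitlines():
        tokens = line.split()
        if "permit" not in tokens:
            continue
        rest = tokens[tokens.index("permit") + 2:]  # skip 'permit' and protocol
        src, rest = _take(rest, wildcard)
        dst, _ = _take(rest, wildcard)
        found.add((src, dst))
    return found

def mirror_mismatches(asa_cfg, ios_cfg):
    """Return (asa_only, ios_only): entries lacking a reversed twin on the peer."""
    asa = selectors(asa_cfg, wildcard=False)
    ios = selectors(ios_cfg, wildcard=True)
    asa_only = {(s, d) for s, d in asa if (d, s) not in ios}
    ios_only = {(s, d) for s, d in ios if (d, s) not in asa}
    return asa_only, ios_only

if __name__ == "__main__":
    for side, entries in zip(("ASA", "IOS"), mirror_mismatches(ASA_ACL, IOS_ACL)):
        for src, dst in sorted(entries):
            print(f"{side} entry {src} -> {dst} has no mirror on the peer")
```

An empty result from both sides means every entry has a reversed counterpart on the peer; a non-contiguous IOS wildcard mask raises a ValueError rather than being silently accepted.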



