Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
411
Views
0
Helpful
1
Replies

ASA5510 Site2Site Wizard

epang
Level 1
Level 1

‎02-21-2012 11:24 PM

I am trying to connect our site to a remote site using the Site2Site VPN wizard.  I got the IPSEC tunnel connected without issues..

The problem is that I can't ping from one network to the other...

This is out layout..

10.10.x.x/16 - - ASA5510(site1) <==> ASA5510(site2) - - 10.50.x.x/16

When I ping from the nearest switch to the ASA on 10.10.x.x network to 10.50.x.x, the ASDM syslog output says..

3  Feb 21 2012  20:51:56  10.10.x.x  10.50.x.x  Deny inbound icmp src inside:10.10.x.x dst inside:10.50.x.x (type 8, code 0)

Any advice is greatly appreciated..

Thanks!!!

Labels:
0 Helpful
1 Reply 1

Matt Lang
Level 1
Level 1

‎02-22-2012 07:26 PM

I am guessing you have a route on your ASA5510 that routes 10.0.0.0/8 to the inside.  What you will need to do is add a static route for 10.50.0.0/16 and point it toward your ISP.  The error message you are seeing is saying that (as far as it knows) traffic is going from 'inside' to 'inside' which really isn't possible without some out of the ordinary configuration on the ASA.

Hope this helps.

Matt

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents