site to site vpn on 5505

Unanswered Question
Mar 27th, 2013
User Badges:

  I will appreciate some assisstance.

 

I had site to site working at some point but not any more. Sice the devices are newly commissioned, i did a reset and applied config again but no joy.

 

Kindly see configs attached.

 

I cannot bring up the tunnels at the moment

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
shiznity2k Wed, 03/27/2013 - 08:04
User Badges:

I have disabled Firewall on clients connected to both ASAs and tnnels are up and running, pinging from both internal addresses and getting responses.


Surprising!!!

techdata Fri, 03/29/2013 - 14:57
User Badges:

Hi,


Can you run the "Debug crypto isa 250" and attached that output.


after doing the debug please try to bring the tunnel up.

Julio Carvajal Fri, 03/29/2013 - 17:07
User Badges:
  • Purple, 4500 points or more

Hello,


The configuration looks good ( Refering to the phase 1 and phase 2 configuration that we can see, The only thing that we cannot determine here is whether the IP addresses set on the peer and tunnel group statements are the right ones and finally the pre-shared key)


So make sure you have the right IP addreses ( You are getting IP address via IPCP so make sure you are using the right one)

Then try to ping the other side.


If connectivity from both sides outside interface IP addresses is fine, I would suggest to check the preshared key


more-system running-config | begin tunnel


Then if you see a match in that as well I would recommend what the user techdata suggested,



A debug crypto isa 255  and then generate traffic across the tunnel


Regards

Actions

This Discussion