Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
240
Views
0
Helpful
2
Replies

ASA point-to-point VPN problem

Tero Kaira
Level 1
Level 1

‎07-24-2014 07:27 AM - edited ‎03-11-2019 09:31 PM

Hi,

 

i have VPN-tunnel up between ASA5512X <-> ASA5512X.

There is one laptop also connected to both ASA's LAN-port and ping between these laptops through tunnel success 100%.

 

But when I remove another laptop and replace it -> router device with same IP-address as laptop, VPN-tunnel goes down and ping fails. Why's that?

 

Router's port is configured as access vlan mode.

 

Thanks for help.

Labels:
0 Helpful
2 Replies 2

rvarelac
Level 7
Level 7

‎07-24-2014 10:55 AM

Hi TernoTurtia82,

 

I would recommend you to use :

 

  • Debug crypto ipsec 128
  • Debug crypto isakmp 128  

And drop the tunnel to see what's happening exactly or what changes on the config. 

-Hope this helps -

 

0 Helpful

nkarthikeyan
Level 7
Level 7

‎07-25-2014 05:11 AM

Hi,

 

Have you set the right default gateway on the router.... ip routing is enabled and when you give show ip route it show the def route info as well as directly connected information.....

 

Please do capture the traffic in ASA and check the traffic router is hitting the asa and going out and coming back....

 

if it hits an FW and goes out... then you can see sh isakmp sa and sh ipsec sa output.... in phase 2 oputput if you see encaps or decap not happening the ex[ected way... then you can go and check on the other end if everything is okay or not.....

 

FW# debug crypto ikev1/2 7

FW#debug crypto ipsec 7

 

Regards

Karthik

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card