I have just setup a remote VPN on Cisco ASA Firewall of SITE A which is working fine from outside network but when i try to connect with VPN from SITE B whereon the Cisco ASA firewall is also deployed then it doesn't work.
I allow only internal n/w of SITE A if i connect with remote VPN of SITE A from o/s n/w. For the troubleshooting perspective, I permited the IP protocol for the remote HOST IP then I could be able to connect with from SITE B Internal network but when i try to connect the servers located at Internal environment of SITE A then I am not able to reach them.
Can you pls. suggest the steps in sequence to troubleshoot this issue?
2.) Within the VPN Client, confirm which IP address you are assigned from the VPN IP Pool.
3.) Perform a packet capture on the inside interface of SITE A. When you try to connect to a server at Site A, you should see a SYN (Client->Server), SYN-ACK (Server->Client), ACK (Client->Server) to setup the TCP connection. Reference the link below on how to perform and view packet captures:
4.) If you see only the SYN packet egress the inside interface of the ASA towards the server, you will need to investigate the routing between the server and the IP address as assigned to the VPN Client.
One command that may come into play here is 'reverse-route'. This keyword, appended to the end of the 'crypto dynamic-map' entry will inject the route of the client into any upstream dynamic routing processes, allowing the return traffic to be received by the client.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :