Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Intresting issue(VPN tunnel)


I have configured the tunnel between router-ASA. The tunnel is up but there is no reachability means, Not able to ping remote LAN IP.

1) At Router end, I am able view the encap packet,but No DECAP packets under "sh cry ipsec sa"(other tunnel are working fine except this)

2) At ASA end, I am unable to view local,remote peer IP pool under "sh cry ipsec sa'

3) Other tunnels configured on ASA which is working fine(other tunnel with PIX,ASA). This is the only one tunnel peering with router.

I am suspecting with ASA IOS? as its seems to be old IOS need you suggestions on this

Config details:


Config details @ A(ROUTER 2811 ,Version 12.4(9)T5)


crypto isakmp key xxxxx address

crypto map VPN 100 ipsec-isakmp

description IPSec VPN to Baltimore

set peer

set transform-set 3des-set

match address 175

access-list 175 permit ip

Extended IP access list 110

361 deny ip

ip nat inside source list 110 pool NAT-POOL overload


Config at B (ASA 5510, 7.0(8)


crypto map VPN 30 match address 123

crypto map VPN 30 set peer <>

crypto map VPN 30 set transform-set strong



tunnel-group type ipsec-l2l

tunnel-group ipsec-attributes

pre-shared-key xxxxx

access-list 123 extended permit ip 255.255.

access-list nonat extended permit


New Member

Re: Intresting issue(VPN tunnel)

are you allowing for UDP 50 AND 5000 to come in to ASA ?

CreatePlease to create content