Trying to set up an L2L lab for 2x ASA 5510. The ASAs' outside interfaces are connected w/ a crossover cable. I can ping on both sides. Would it be possible to get an L2L VPN working using this setup w/out routers?
ASA1 outside - 22.214.171.124/30
inside - 172.16.1.1/24
ASA2 outside - 126.96.36.199/30
inside - 192.168.1.0/24
thanks in advance...
Yes, you can do this. You don't need routers to be able to configure an L2L VPN, as any routers in between only route the IPsec packets as normal IP traffic and do nothing special to them.
thanks for your reply ...
Not sure why I can't establish the tunnel; I verified everything on both sides and it all seems correct. Running ver 8.0(3).
Enabled debug crypto isakmp 255 and debug crypto ipsec 255, terminal mon is on ... no debug output so far.
Host A - 10.10.1.15/24
Host B - 192.168.2.15/24
Host A can ping/SSH to ASA A.
Host B can ping/SSH to ASA B.
I did clear xlate on both sides...
ASA1-ASA2 are directly connected with a crossover cable.
C 127.0.0.0 255.255.0.0 is directly connected, cplane
C 10.10.1.0 255.255.255.0 is directly connected, inside
C 188.8.131.52 255.255.255.192 is directly connected, outside
I added these lines on both ASAs, except the access-list inside_nat0_outbound will have the subnets in reverse order...
access-list outside extended permit icmp any any
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside in interface outside
access-list inside_nat0_outbound extended permit ip 10.10.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
Still not working ... pls advise.
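A complete IKEv1 L2L configuration for the crossover-cable setup in this thread, as an added example that is not part of the original posts. The inside subnets 10.10.1.0/24 and 192.168.2.0/24 are taken from the posts; the outside /30 (192.0.2.0/30, ASA1 = .1, ASA2 = .2), the interface names, the pre-shared key and the ACL, crypto-map and tunnel-group names are all assumed lab values. Besides the NAT exemption already posted, the tunnel needs ISAKMP enabled on the outside interface, a phase 1 policy and transform set that match on both sides, a crypto map applied to outside with a mirrored interesting-traffic ACL, a tunnel-group keyed by the peer address, and a route that sends the remote LAN out the outside interface. That last item is worth checking first: the routing table quoted above lists only connected routes, and with no route to 192.168.2.0/24 the packet is dropped before the crypto map on outside is consulted, which is one way to get no ISAKMP debug output at all.

```cisco
! ===== ASA1 =====
! Assumed lab addressing: outside 192.0.2.1/30, inside 10.10.1.1/24
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.252
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.1.1 255.255.255.0
!
! Interesting traffic (what gets encrypted); the peer's ACL must mirror it
access-list outside_1_cryptomap extended permit ip 10.10.1.0 255.255.255.0 192.168.2.0 255.255.255.0
!
! NAT exemption so VPN traffic keeps its private source address
access-list inside_nat0_outbound extended permit ip 10.10.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
!
! Route for the remote LAN: without it the crypto map on outside is never hit
route outside 192.168.2.0 255.255.255.0 192.0.2.2 1
!
! Phase 1: values must agree on both ASAs
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
!
! Phase 2 transform set
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
!
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 192.0.2.2
crypto map outside_map 1 set transform-set ESP-AES-SHA
crypto map outside_map interface outside
!
! Assumed pre-shared key; must be identical on the peer
tunnel-group 192.0.2.2 type ipsec-l2l
tunnel-group 192.0.2.2 ipsec-attributes
 pre-shared-key LabOnlyKey123
!
! ===== ASA2: same structure, addresses and subnets swapped =====
! interface Ethernet0/0 -> ip address 192.0.2.2 255.255.255.252
! interface Ethernet0/1 -> ip address 192.168.2.1 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.2.0 255.255.255.0 10.10.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.2.0 255.255.255.0 10.10.1.0 255.255.255.0
route outside 10.10.1.0 255.255.255.0 192.0.2.1 1
crypto map outside_map 1 set peer 192.0.2.1
tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 pre-shared-key LabOnlyKey123
!
! ===== Verification on ASA1 (exec mode) =====
! Simulate Host A pinging Host B and watch for the VPN phase and any drop reason
packet-tracer input inside icmp 10.10.1.15 8 0 192.168.2.15
! After generating traffic: phase 1 should show MM_ACTIVE, phase 2 should show
! non-zero encaps/decaps counters
show crypto isakmp sa
show crypto ipsec sa
```

The tunnel only comes up when the first packet from inside matches the crypto ACL on its way out the outside interface, so run the packet-tracer (or a ping from Host A) before checking the SA tables; if packet-tracer ends in a drop at the route lookup phase, the missing route, not the crypto configuration, is what to fix.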
My first question was "to test ASA to ASA w/out an L3 router".
Well, I tried to figure out if that would work using a crossover cable, outside interface to outside interface. Same subnet on both sides. I can ping bidirectionally just fine.
But my tunnel can't establish using this setup.
So, I put an L3 router on both sides via an Async interface with PPP on it. This is a LAB environment for this time.
And from there my TUNNEL works.
Actually, I haven't tried testing a PIX or ASA without an L3 router before.
So, I went to the normal setup to make it work in my LAB.
However, I would really appreciate it if someone has experience testing PIXes or ASAs w/out an L3 router.