Tunnel IPSec, remote network can't ping crypto access list

ChristISM
Level 1

Hi!

 

I have a Cisco C881W-A-K9, on firmware 15.2(4)M4, that is connected to an ASA Firewall (supplier, ERP). I also have another tunnel which is connected to the main office (Juniper).

 

When I run show crypto isakmp sa, the tunnel is Active but idle. On their end, they have a server which has to reach some devices, which are actually printers. I configured the access-list for the Crypto, this is all good, the tunnel goes active like I said.

 

The issue: they can't ping those devices, which I am able to ping from a network behind the Juniper. I am not able to find out why.

 

Here's a sample of the configuration that I attached to the post (note: external IP and keys are replaced :) )

 

Any help is appreciated!

 

Thanks

2 Replies

Hello,

 

I am not sure about this, but I seem to remember that having multiple transform sets in one single crypto map can cause problems. Try and use either one of them, but not both together...

 

Hi,

 

Please try with "transport mode" by changing the lines as shown below:

crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
 mode transport

 

HTH,

Meheretab
