Hello all, I am sure I am close, but I am missing something. I have an ASA5510 that does client VPNs with RADIUS authentication as well as 1 end for a VPN tunnel to a Pix 506. The client VPN works great, and there are no issues. The device tunnel is a different story. I cannot get traffic to go across the VPN tunnel between the ASA and the 506 from either side. I have verified that clients behind both firewalls can get to the internet. My configs are below. Your help is greatly appreciated.
LAN side of ASA is 192.168.1.0. LAN side of PIX 506 is 10.20.30.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.20.30.0 255.255.255.0
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list sb_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list outside_cryptomap_dyn_20 extended permit ip any 10.2.2.0 255.255.255.0
access-list outside_cryptomap_20 extended permit ip 192.168.1.0 255.255.255.0 10.20.30.0 255.255.255.0
Make sure you have reachability PIX <-> ASA first. You will need to allow this by applying ACLs to the external interfaces accordingly. Also make sure you are not using Xauth on the ASA for the static tunnel.
If you are still having problems, make sure the shared key is the same. Also, the output of debug crypto isakmp and debug crypto ipsec will help us in the troubleshooting. Are you able to post this?
I actually figured out the issue late last night (I think anyway, since it is working). I had configured the ASA to accept client VPN connections a couple of weeks before configuring it to do the site to site. I believe that the sysopt connection permit-ipsec command needed to be re-applied to account for the site to site that I put in after the fact. As soon as I re-applied that statement, everything started working.
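
An added example, not part of the thread or of anyone's posted configuration: a Python check that each entry of a site-to-site crypto ACL is covered by a NAT exemption (nat0) entry, and that lists the swapped source/destination pairs the peer's crypto ACL has to carry. It parses only the access-list lines posted above; the function names are hypothetical, and which ACL plays which role is an assumption read from the ACL names.

```python
import ipaddress

# access-list lines exactly as posted in the thread (ASA side, excerpt only).
POSTED_CONFIG = """\
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.20.30.0 255.255.255.0
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list sb_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list outside_cryptomap_dyn_20 extended permit ip any 10.2.2.0 255.255.255.0
access-list outside_cryptomap_20 extended permit ip 192.168.1.0 255.255.255.0 10.20.30.0 255.255.255.0
"""

def _take_net(tokens):
    """Consume one address spec ('any', 'host A' or 'A MASK') from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_extended_acls(config):
    """Return {acl_name: [(src_net, dst_net), ...]} for 'extended permit ip' entries."""
    acls = {}
    for line in config.splitlines():
        t = line.split()
        if t[:1] != ["access-list"] or t[2:5] != ["extended", "permit", "ip"]:
            continue  # standard ACLs (split tunnel) and other lines are skipped
        rest = t[5:]
        src = _take_net(rest)
        dst = _take_net(rest)
        acls.setdefault(t[1], []).append((src, dst))
    return acls

def uncovered_by_nat0(acls, crypto_acl, nat0_acl):
    """Crypto ACL entries that no NAT exemption entry fully contains."""
    nat0 = acls.get(nat0_acl, [])
    return [(s, d) for s, d in acls.get(crypto_acl, [])
            if not any(s.subnet_of(ns) and d.subnet_of(nd) for ns, nd in nat0)]

def mirrored(acls, crypto_acl):
    """Source/destination pairs the peer's crypto ACL must carry (swapped)."""
    return [(d, s) for s, d in acls.get(crypto_acl, [])]

if __name__ == "__main__":
    acls = parse_extended_acls(POSTED_CONFIG)
    print("not exempted:", uncovered_by_nat0(acls, "outside_cryptomap_20", "Inside_nat0_outbound"))
    print("peer must match:", mirrored(acls, "outside_cryptomap_20"))
```

An empty "not exempted" list means the interesting traffic for the tunnel is also excluded from NAT, which rules out one common cause of a tunnel that negotiates but passes no traffic.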