Cisco Support Community
New Member

ASA5510 VPN L2L Can't reach Hosts to the other side

Hello experts,

I've got an ASA5510 with 3 VPN L2L and one VPN Remote Access. For the two VPN L2L, Marielle and Aeromique, no problem, but for VPN ASPCANADA, from a host 192.168.100.xx behind the ASA I cannot reach 57.5.64.250 or 251, and conversely. But the tunnel is up. Can you help me please? Thank you in advance.


5 REPLIES
Silver

Re: ASA5510 VPN L2L Can't reach Hosts to the other side

Add these two lines to the NAT 0 access list:

access-list inside_outbound_nat0_acl extended permit ip ASP-NETWORK 255.255.255.0 host 57.5.64.251

access-list inside_outbound_nat0_acl extended permit ip ASP-NETWORK 255.255.255.0 host 57.5.64.250

Also make sure the mirror image of these statements is in the remote ASA's NAT 0 access-list.

Test and post results

HTH

Saju

Pls rate helpful posts
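
The mirror-image check described in the reply above, as an added example that is not part of the original thread: a short Python script that parses `permit ip` entries from both peers' NAT 0 access lists and reports local entries with no reversed counterpart on the remote side. The remote ACL name `remote_nat0_acl`, the remote config lines, and the mapping of ASP-NETWORK to 192.168.100.0 are assumptions constructed for illustration, and the remote peer is assumed to use ASA ACL syntax.

```python
import re

# access-list NAME extended permit ip <src spec> <dst spec>
ACE_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+(.+)$")

def _specs(tokens, names):
    """Normalise 'any', 'host X' and 'NET MASK' into two (addr, mask) pairs."""
    out, i = [], 0
    while i < len(tokens):
        if tokens[i] == "any":
            out.append(("0.0.0.0", "0.0.0.0")); i += 1
        elif tokens[i] == "host":
            out.append((names.get(tokens[i + 1], tokens[i + 1]), "255.255.255.255")); i += 2
        else:
            out.append((names.get(tokens[i], tokens[i]), tokens[i + 1])); i += 2
    if len(out) != 2:
        raise ValueError("expected source and destination: %r" % tokens)
    return tuple(out)

def acl_pairs(config, acl_name, names):
    """Collect the (src, dst) pairs of every permit-ip entry in acl_name."""
    pairs = set()
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if m and m.group(1) == acl_name:
            pairs.add(_specs(m.group(2).split(), names))
    return pairs

def missing_mirrors(local, remote):
    """Local (src, dst) entries whose (dst, src) mirror is absent remotely."""
    return sorted((s, d) for s, d in local if (d, s) not in remote)

# Assumption: ASP-NETWORK is a 'name' alias for 192.168.100.0 on the local ASA.
LOCAL_NAMES = {"ASP-NETWORK": "192.168.100.0"}
LOCAL_CFG = """
access-list inside_outbound_nat0_acl extended permit ip ASP-NETWORK 255.255.255.0 host 57.5.64.251
access-list inside_outbound_nat0_acl extended permit ip ASP-NETWORK 255.255.255.0 host 57.5.64.250
"""
# Constructed remote config: only one of the two mirror entries is present.
REMOTE_CFG = """
access-list remote_nat0_acl extended permit ip host 57.5.64.251 192.168.100.0 255.255.255.0
"""

def check():
    local = acl_pairs(LOCAL_CFG, "inside_outbound_nat0_acl", LOCAL_NAMES)
    remote = acl_pairs(REMOTE_CFG, "remote_nat0_acl", {})
    return missing_mirrors(local, remote)

if __name__ == "__main__":
    for src, dst in check():
        print("remote NAT 0 ACL lacks mirror of", src, "->", dst)
```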

New Member

Re: ASA5510 VPN L2L Can't reach Hosts to the other side

Hi,

Thank you for your reply Singhsaju, I'm expecting the reply from the guy who takes care of the router on the other side :). I'll send you the result ...

Best regards

New Member

Re: ASA5510 VPN L2L Can't reach Hosts to the other side

Hi,

OK, every host from LAN ASP-NETWORK can ping the two hosts 57.5.64.250 & 251. Thank you very much. I've got another question for this configuration. For the VPN Remote Access NOMADES, I can reach the hosts in the LAN ASP-NETWORK, but at the same time I can't go on the Internet, or anything public. I added the line "same-security-traffic permit intra-interface" but it's the same thing.

Thank you in advance...

Silver

Re: ASA5510 VPN L2L Can't reach Hosts to the other side

Split tunnel is not configured properly.

Can you remove this line from your config:

no crypto dynamic-map NOMADES_DYN_MAP 10 match address NOMADES_DYN_MAP_10

Also modify the following access list:

no access-list NOMADES_DYN_MAP_10

access-list NOMADES_DYN_MAP_10 extended permit ip any ASP-NETWORK 255.255.255.0

The VPN pool in your config overlaps with the inside network. This sometimes causes issues. Try to configure a different network subnet for the VPN pool.

HTH

Saju

Pls rate helpful posts

New Member

Re: ASA5510 VPN L2L Can't reach Hosts to the other side

Hi Saju

Yep yep yep, it's all going smoothly ...

Thank you for your help, everything is running now.

Best regards...
