I have a Cisco ASA 5510 that I have set up to provide site-to-site VPN access between our local network and a PIX 515 on a remote network (a SAP that needs access to upload files to our FTP server). This unit is not doing any firewalling at this time, only VPN connections. The server is not using NAT and the SAP will connect over an IPSEC connection.
The tunnel is created successfully and the user was able to ping the server but not connect (I say WAS because now the user cannot ping the server either). I have allowed all traffic to our internal FTP server through the checkpoint and connections from the local network work with no problem. I can even connect using the Cisco VPN client and make a connection to the FTP server. This connection problem only happens when using the site-to-site VPN.
Here is an overview to help sort things out (IPs changed for security) and parts of the config:
Remote network (public IP): 172.16.1.8
Internal Host on the remote network making the connection: 192.168.1.8
Internal FTP Server: 10.54.1.133
asdm image disk0:/asdm521.bin
asdm history enable
ASA Version 7.2(2)
ip address 188.8.131.52 255.255.255.128
ip address 10.54.1.200 255.255.252.0
ip address 192.168.199.1 255.255.255.0
ip address 192.168.9.1 255.255.255.0
ip address 192.168.1.1 255.255.255.0
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list Inside_nat0_outbound extended permit ip 10.54.1.0 255.255.252.0 192.168.1.0 255.255.255.0
access-list Outside_20_cryptomap extended permit ip 10.54.1.0 255.255.252.0 192.168.1.0 255.255.255.0