Re: Issues getting site-to-site VPN working

Rex Biesty · ‎01-03-2007

Hi

I'm setting up a site to site VPN between 2 new devices (ASA 5100 and PIX 501). I've been thru the wizards on both devices but cannot get IP traffic between them. Any help would be greatly appreciated

Thanks Rex

pmajumder · ‎01-03-2007

Hello,

Verify your peers since on your ASA you are specifying the peer as 193.238.166.50 (crypto map outside_map 20 set peer 193.238.166.50). However, on your Pix the outside IP is set to 10.71.135.4.

Regards

Pradeep

Rex Biesty · ‎01-04-2007

Thanks for the reply Pradeep.

We are given IP addresses in the range 10.71.135.x by our ISP which they NAT to a public IP (193.238.166.50 in this case) as needed. I think the tunnel is setting itself up correctly as both PDM (on 501) and ADSM (on ASA) both report that there is an active IKE tunnel. I've included some of the syslogs from the ASA if this helps.

Thanks, Rex

pmajumder · ‎01-04-2007

Rex,

Can you also send the output of "sh crypto ipsec sa peer from both the ASA and PIX.

Regards

Pradeep

Rex Biesty · ‎01-04-2007

Thanks again Pradeep.

I've attached a the output from this command. The 501 is running v6.3 of the s/w so I've used sh crypto ipsec sa instead.

Thanks, Rex

Rex Biesty · ‎01-08-2007

I eventually sorted the issue by deleting and recreating the VPNs using the wizards and by setting up static routes on the remote servers we were trying to get to to get back to originating network.