Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Issues getting site-to-site VPN working

Hi

I'm setting up a site to site VPN between 2 new devices (ASA 5100 and PIX 501). I've been thru the wizards on both devices but cannot get IP traffic between them. Any help would be greatly appreciated

Thanks Rex

5 REPLIES
New Member

Re: Issues getting site-to-site VPN working

Hello,

Verify your peers since on your ASA you are specifying the peer as 193.238.166.50 (crypto map outside_map 20 set peer 193.238.166.50). However, on your Pix the outside IP is set to 10.71.135.4.

Regards

Pradeep

New Member

Re: Issues getting site-to-site VPN working

Thanks for the reply Pradeep.

We are given IP addresses in the range 10.71.135.x by our ISP which they NAT to a public IP (193.238.166.50 in this case) as needed. I think the tunnel is setting itself up correctly as both PDM (on 501) and ADSM (on ASA) both report that there is an active IKE tunnel. I've included some of the syslogs from the ASA if this helps.

Thanks, Rex

New Member

Re: Issues getting site-to-site VPN working

Rex,

Can you also send the output of "sh crypto ipsec sa peer from both the ASA and PIX.

Regards

Pradeep

New Member

Re: Issues getting site-to-site VPN working

Thanks again Pradeep.

I've attached a the output from this command. The 501 is running v6.3 of the s/w so I've used sh crypto ipsec sa instead.

Thanks, Rex

New Member

Re: Issues getting site-to-site VPN working

I eventually sorted the issue by deleting and recreating the VPNs using the wizards and by setting up static routes on the remote servers we were trying to get to to get back to originating network.

138
Views
0
Helpful
5
Replies
CreatePlease login to create content