cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
693
Views
4
Helpful
4
Replies

Partial site-to-site connectivity

Kjetil Fleten
Level 1
Level 1

I have configured a Ipsec l2l tunnel between two ASA 5505 devices. The VPN-Led is alight on both ASA's. I am able to ping from the inside of the one ASA to the inside of the other ASA, and vice versa. But I am not able to ping from the inside of any ASA to a device on the remote end ? What might be wrong ?

Kjetil

1 Accepted Solution

Accepted Solutions

Do the clients on each side know how to get to the remote network? Do they have the ASA as default gateway?

The config looks ok, the NAT config is not complete, so NAT is probably not working but since nat-control is disabled it shouldn't be a problem for the vpn-tunnel.

But if you don't want to configure NAT at all you can remove the "nat (VOIP) 0" statement.

Do a "clear xlate" after any change to the NAT config.

View solution in original post

4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

Hi Kjetil

If your VPN is coming up and you are sure it has been established then could you check your crypto access-lists to make sure that you have included the remote network in the list.

Jon

It can also be a NAT issue or an internal routing problem.

If you attach the configs it will be easier to give you an answer.

Both configurations is attached in the file ASA.txt

Do the clients on each side know how to get to the remote network? Do they have the ASA as default gateway?

The config looks ok, the NAT config is not complete, so NAT is probably not working but since nat-control is disabled it shouldn't be a problem for the vpn-tunnel.

But if you don't want to configure NAT at all you can remove the "nat (VOIP) 0" statement.

Do a "clear xlate" after any change to the NAT config.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: