New Member

Partial site-to-site connectivity

I have configured an IPsec L2L tunnel between two ASA 5505 devices. The VPN LED is lit on both ASAs. I am able to ping from the inside of one ASA to the inside of the other ASA, and vice versa. But I am not able to ping from the inside of either ASA to a device on the remote end. What might be wrong?

Kjetil

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Partial site-to-site connectivity

Do the clients on each side know how to get to the remote network? Do they have the ASA as default gateway?

The config looks OK. The NAT config is not complete, so NAT is probably not working, but since nat-control is disabled it shouldn't be a problem for the VPN tunnel.

But if you don't want to configure NAT at all you can remove the "nat (VOIP) 0" statement.

Do a "clear xlate" after any change to the NAT config.

4 REPLIES
Hall of Fame Super Blue

Re: Partial site-to-site connectivity

Hi Kjetil

If your VPN is coming up and you are sure it has been established then could you check your crypto access-lists to make sure that you have included the remote network in the list.

Jon

Re: Partial site-to-site connectivity

It can also be a NAT issue or an internal routing problem.

If you attach the configs it will be easier to give you an answer.

New Member

Re: Partial site-to-site connectivity

Both configurations are attached in the file ASA.txt.
