New Member

site to site ping issue

Hi all, I had a problem with my site-to-site tunnel between 2 ASAs where I could not ping. I have resolved this; the issue was that the encrypted networks were different on one side. They were all there, but one side had another network statement in. Would this matter? Do they have to match exactly? Also, with the VPN tunnel, was I right in adding a NAT exempt rule for those networks through the tunnel?

2 REPLIES
New Member

Re: site to site ping issue

Can anyone please help with this?

cheers

Carl

Green

Re: site to site ping issue

Carl,

If you could post how you had the config when it wasn't working and the config now that it is working, it may be easier to help. Yes, you were correct in adding NAT exemption for the interesting traffic on the tunnel. Also, the crypto ACLs should mirror each other exactly. Ex.:

Site A

access-list crypto permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

nat (inside) 0 access-list nonat

Site B

access-list crypto permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list nonat

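The mirroring rule from the reply above can be checked mechanically before a tunnel is brought up. The following Python sketch is an added example, not part of the original thread or any Cisco tooling; it handles only the network/mask ACL form shown in the post, and the extra 192.168.3.0 entry on Site A is constructed to reproduce the kind of mismatch the original poster describes.

```python
import ipaddress
import re

# Matches "access-list NAME [extended] permit ip SRC SRCMASK DST DSTMASK".
# Assumption: only the network/mask form is handled (no host/any/object-group).
ACE_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+ip\s+"
    r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$"
)

def parse_acl(config, acl_name):
    """Return the set of (source, destination) networks permitted by acl_name."""
    entries = set()
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if m and m.group(1) == acl_name:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            entries.add((src, dst))
    return entries

def unmirrored(config_a, config_b, acl_name="crypto"):
    """Return (A entries with no mirror on B, B entries with no mirror on A)."""
    a = parse_acl(config_a, acl_name)
    b = parse_acl(config_b, acl_name)
    only_a = sorted(a - {(dst, src) for src, dst in b})
    only_b = sorted(b - {(dst, src) for src, dst in a})
    return only_a, only_b

# Constructed sample: the configs from the reply, plus one extra network
# statement on Site A (192.168.3.0/24 is a made-up network).
SITE_A = """
access-list crypto permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list crypto permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
"""
SITE_B = """
access-list crypto permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
"""

if __name__ == "__main__":
    for site, entries in zip("AB", unmirrored(SITE_A, SITE_B)):
        for src, dst in entries:
            print(f"Site {site}: {src} -> {dst} has no mirror on the peer")
```

Passing `acl_name="nonat"` runs the same comparison on the NAT exemption ACLs.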