Cisco Support Community
New Member

site to site VPN issue

Hello - I am trying to bring up a second site to site VPN tunnel to a site where I have an existing one, and I am having issues. Here is the layout: Right now I have site A and site B, both sites have an ASA 5520. In site A I have a link out to the internet on gi0/3 and a link to the internet via a different ISP on gi0/2. In site B I have the same setup, gi0/3 to one ISP and gi0/2 to another. Currently I have a site to site VPN tunnel that is working from A -> B via the connections on ports gi0/3. Now, I try to add a second site to site tunnel via the wizard in ASDM for site A -> B on the ports gi0/2, and as soon as I apply it, I lose the first tunnel, and the new one does not come up. As soon as I remove the second one, the original tunnel is restored. A little confusing I know, but any help would be great.

8 REPLIES

Re: site to site VPN issue

Can you post your "head end" ASA config for review?

New Member

Re: site to site VPN issue

Sure, here it is for site A. 71.x.x.x is the address at site B.

New Member

Re: site to site VPN issue

It only has one site to site tunnel config on it. Did you remove the config?

New Member

Re: site to site VPN issue

Yes, because when I add the new one, the existing one drops.

New Member

Re: site to site VPN issue

Yes, because when I add the new one, the existing one drops.

Re: site to site VPN issue

Post the config of the extra tunnel?

New Member

Re: site to site VPN issue

Here are the latest configs. Disregard the original one as I have changed some things that have allowed me to keep the working tunnel from dropping.

The tunnel that is working fine is the one from Site A:nameif DR-FIOS to Site B:nameif Outside.

The tunnel not coming up is from Site A:nameif DR-FIOS2 to Site B:nameif DR-Tunnel.

Re: site to site VPN issue

Change from this:-

crypto map peer1 20 match address 170

crypto map peer1 20 set peer 74.Y.Y.Y

crypto map peer1 20 set transform-set myset

crypto map peer1 20 set reverse-route

crypto map peer1 interface DR-FIOS2

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map peer2 10 match address 169

crypto map peer2 10 set peer 71.X.X.X

crypto map peer2 10 set transform-set pix2

crypto map peer2 10 set reverse-route

crypto map peer2 interface DR-FIOS

to this:-

crypto map outside_map0 20 match address 170

crypto map outside_map0 20 set peer 74.Y.Y.Y

crypto map outside_map0 20 set transform-set myset

crypto map outside_map0 20 set reverse-route

crypto map outside_map0 interface DR-FIOS2

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map0 10 match address 169

crypto map outside_map0 10 set peer 71.X.X.X

crypto map outside_map0 10 set transform-set pix2

crypto map outside_map0 10 set reverse-route

crypto map outside_map0 interface DR-FIOS
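
A consistency check for crypto map lines like those in the reply above, added here as an example; it is not part of the thread or any Cisco tool. The `audit` function and its finding texts are hypothetical names, and it reads only the lines quoted in the reply, so a binding elsewhere in the full configuration would clear a finding.

```python
import re
from collections import defaultdict

# Constructed sample: the "to this" lines from the reply above, peers masked as on the page.
PROPOSED = """\
crypto map outside_map0 20 match address 170
crypto map outside_map0 20 set peer 74.Y.Y.Y
crypto map outside_map0 20 set transform-set myset
crypto map outside_map0 20 set reverse-route
crypto map outside_map0 interface DR-FIOS2
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map0 10 match address 169
crypto map outside_map0 10 set peer 71.X.X.X
crypto map outside_map0 10 set transform-set pix2
crypto map outside_map0 10 set reverse-route
crypto map outside_map0 interface DR-FIOS
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer|set transform-set|ipsec-isakmp dynamic)\b")
BIND = re.compile(r"^crypto map (\S+) interface (\S+)")
REQUIRED = {"match address", "set peer", "set transform-set"}

def audit(config):
    """Return a sorted list of findings for the crypto map lines in config."""
    entries = defaultdict(set)   # (map name, sequence) -> settings seen
    bound = defaultdict(list)    # interface -> crypto maps bound to it
    for line in config.splitlines():
        line = line.strip()
        if m := BIND.match(line):
            bound[m.group(2)].append(m.group(1))
        elif m := ENTRY.match(line):
            entries[(m.group(1), int(m.group(2)))].add(m.group(3))
    findings = []
    for (name, seq), seen in entries.items():
        # Static entries need an ACL, a peer and a transform set; dynamic ones do not.
        if "ipsec-isakmp dynamic" not in seen and REQUIRED - seen:
            findings.append(f"{name} {seq}: missing {', '.join(sorted(REQUIRED - seen))}")
    bound_maps = {m for maps in bound.values() for m in maps}
    for name in sorted({n for n, _ in entries} - bound_maps):
        findings.append(f"{name}: has entries but is not bound to any interface")
    for iface, maps in bound.items():
        if len(set(maps)) > 1:
            names = ", ".join(sorted(set(maps)))
            findings.append(f"{iface}: more than one crypto map bound ({names}); an interface takes only one")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(PROPOSED):
        print(finding)
```

On the quoted lines it reports that `outside_map`, which still carries the dynamic entry at sequence 65535, has no interface binding after the rename to `outside_map0`.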
