Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

site to site VPN via ASA5540 question

here is the basic info:

access-list public-2 extended permit ip host 163.148.20.105 101.161.0.0 255.255.0.0

global (Outside) 3 112.129.231.142

nat (Inside) 3 access-list public-2

crypto map Outside-map 10 match address Outside_20_cryptomap

crypto map Outside-map 10 set peer 163.148.20.105

crypto map Outside-map 10 set transform-set ESP-3DES-SHA

crypto map Outside-map interface Outside

crypto isakmp enable Outside

crypto isakmp policy 15

authentication pre-share

encryption 3des

hash sha

group 1

lifetime 28800

tunnel-group 163.148.20.98 type ipsec-l2l

tunnel-group 163.148.20.98 ipsec-attributes

pre-shared-key *

tunnel-group 163.148.20.105 type ipsec-l2l

tunnel-group 163.148.20.105 ipsec-attributes

pre-shared-key *

=======================================

the other end does not see any data.

the other VPN box is 163.148.20.98

But we are trying to tunnel to 163.148.20.105 .

The outside interface is 112.129.230.13

Can you see any problem with the config?

1 REPLY
New Member

Re: site to site VPN via ASA5540 question

Please explain the following:

"the other VPN box is 163.148.20.98

But we are trying to tunnel to 163.148.20.105"

What are the crypto endpoint and what address(es) do you want to include in the tunnel?

Do the other side use NAT/PAT to the .105 address?

Please show how you configured the "Outside_20_cryptomap" access-list.

88
Views
0
Helpful
1
Replies
CreatePlease to create content