Cisco Support Community
Community Member

VPN between ASA 5510 and Cisco 1721 router

Hi there,

I have a little problem. Please advise me how to resolve it.

I created an IPSec VPN between the ASA 5510 and the Cisco 1721, and their configs are as follows:


ASA 5510 configuration


interface Ethernet0/2
 speed 100
 duplex full
 nameif inside
 security-level 90
 ip address
 ospf cost 10

interface Ethernet0/3
 speed 10
 duplex full
 nameif vpn
 security-level 0
 ip address
 ospf cost 10

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service TCP_Service_Group tcp
 description Well known TCP ports
 port-object eq pop3
 port-object eq sqlnet
 port-object eq ftp-data
 port-object eq ftp
 port-object eq ssh
 port-object eq telnet
 port-object eq smtp
 port-object eq https
 port-object eq www
 port-object eq domain
 port-object range 5050 5050
 port-object eq imap4
object-group service IPSec_Ports udp
 port-object eq isakmp
object-group service vpn tcp
 port-object range netbios-ssn netbios-ssn
 port-object range 445 445
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit ip
access-list inside_access_in extended permit tcp object-group vpn
access-list inside_access_in extended permit tcp any object-group TCP_Service_Group
access-list vpn_20_cryptomap extended permit ip
access-list inside_nat0_outbound extended permit ip
ip verify reverse-path interface outside
ip verify reverse-path interface dmz
ip verify reverse-path interface inside
ip verify reverse-path interface vpn
icmp unreachable rate-limit 1 burst-size 1
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 2
nat (vpn) 2
access-group inside_access_in in interface inside
route outside x.x.x.x 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map vpn_map 20 match address vpn_20_cryptomap
crypto map vpn_map 20 set peer
crypto map vpn_map 20 set transform-set ESP-3DES-SHA
crypto map vpn_map interface vpn
crypto isakmp enable vpn
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key *


Cisco 1721 router configuration


crypto isakmp policy 11
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco123 address
crypto ipsec transform-set 1st esp-3des esp-sha-hmac
crypto map nolan 11 ipsec-isakmp
 set peer
 set transform-set 1st
 match address 120
interface Ethernet0
 ip address
 ip nat outside
 crypto map nolan
interface FastEthernet0
 ip address
 ip nat inside
 speed 100
ip nat pool branch netmask 255.255.255.
ip nat inside source route-map nonat pool branch overload
ip route
access-list 120 permit ip
access-list 130 deny ip
access-list 130 permit ip any
route-map nonat permit 10
 match ip address 130



And now, I can access from to any Windows share in network network like the following:

Start\Run \\

and also Internet access is OK.

And I can access the Internet from, but I can't access

For example:

Start\Run \\

Error is "The network path is not found."


Is it clear?

Where is the problem? What should I do?

Please help me,

Thanks a lot.
