Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
One of the peers cannot establish the tunnel with ASA 5510
These could be among the reasons for this behavior:
An incorrect peer IP address defined in the crypto-map.
The same crypto access-list command might be bound with both the crypto-map entries on the Adaptive Security Appliance (ASA). As a result, the second crypto-map entry is never hit, since the traffic meant for the second peer is matching with the crypto access-list bound with the first crypto-map entry.
To resolve this issue, verify that:
The peer IP is correct.
The access-list command bound with the separate crypto-map entries are different, so that the relevant access-list is hit, as shown:
access-list vpn1 permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0 access-list vpn2 permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0 crypto ipsec transform-set myset esp-3des esp-md5-hmac crypto map IPsec_map 10 match address vpn1 crypto map IPsec_map 10 set peer 22.214.171.124 crypto map IPsec_map 10 set transform-set myset crypto map IPsec_map 11 match address vpn2 crypto map IPsec_map 11 set peer 126.96.36.199 crypto map IPsec_map 11 set transform-set myset crypto map IPsec_map interface outside
At this point, you should be able to pass traffic.