Cisco Support Community

ASA Site-to-Site VPN with VPN3000 problems

I am having an issue with connecting a Site-to-Site VPN between a remote ASA 5505 and a local VPN 3005. The configurations seem to be the same on both ends, but I cannot even get logging to show the connection. I have attached the configuration of the ASA. I have run debug crypto ipsec, isakmp, and engine on the ASA and I cannot see any tracking at all. I can ping the remote host fine, and the ASA is in single mode. What am I missing?

Thanks.

1 REPLY

Re: ASA Site-to-Site VPN with VPN3000 problems

Try changing your crypto and NAT0 ACL. You have the host keyword and I don't believe you should.

access-list outside_1_cryptomap extended permit ip new 255.255.255.0 host kichler

access-list inside_nat0_outbound extended permit ip new 255.255.255.0 host kichler

should be

access-list outside_1_cryptomap extended permit ip new 255.255.255.0 kichler 255.255.255.0

access-list inside_nat0_outbound extended permit ip new 255.255.255.0 kichler 255.255.255.0

You may also want to enable NAT-T even if you're sure there is no NAT in between. Also, here's a great troubleshooting guide for VPNs.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

Hope it helps.
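The reply's point, as an added example that is not part of the original thread: a small Python check that normalizes ASA permit-ip ACL lines into (network, mask) selectors and compares them with the networks the peer protects, since both IPsec peers must agree on the protected traffic. The VPN 3005 network values and all function names are assumptions; the thread does not show the concentrator's configuration.

```python
import re

# Parses lines of the form used in the thread:
#   access-list <name> extended permit ip <src-spec> <dst-spec>
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+(.+)$")

def _take(tokens):
    """Consume one address spec and return it as (network, mask)."""
    head = tokens.pop(0)
    if head == "any":
        return ("0.0.0.0", "0.0.0.0")
    if head == "host":                      # 'host X' is a /32 selector
        return (tokens.pop(0), "255.255.255.255")
    return (head, tokens.pop(0))            # '<network-or-name> <mask>'

def parse_acl(line):
    """Return (acl_name, src, dst) for one permit-ip ACL line."""
    m = ACL_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a permit-ip extended ACL line: {line!r}")
    tokens = m.group(2).split()
    try:
        src, dst = _take(tokens), _take(tokens)
    except IndexError:
        raise ValueError(f"truncated address spec: {line!r}") from None
    if tokens:
        raise ValueError(f"unexpected trailing tokens: {tokens}")
    return m.group(1), src, dst

def check_selectors(crypto_line, nat0_line, peer_local, peer_remote):
    """Compare the ASA's selectors with what the peer is assumed to protect."""
    findings = []
    _, c_src, c_dst = parse_acl(crypto_line)
    _, n_src, n_dst = parse_acl(nat0_line)
    if (c_src, c_dst) != (n_src, n_dst):
        findings.append("crypto ACL and NAT0 ACL select different traffic")
    if c_src != peer_remote:
        findings.append(f"source {c_src} != peer's remote network {peer_remote}")
    if c_dst != peer_local:
        findings.append(f"destination {c_dst} != peer's local network {peer_local}")
    return findings

# Assumed VPN 3005 side (not shown in the thread): local 'kichler' /24, remote 'new' /24.
PEER_LOCAL, PEER_REMOTE = ("kichler", "255.255.255.0"), ("new", "255.255.255.0")
ORIGINAL = ("access-list outside_1_cryptomap extended permit ip new 255.255.255.0 host kichler",
            "access-list inside_nat0_outbound extended permit ip new 255.255.255.0 host kichler")
SUGGESTED = ("access-list outside_1_cryptomap extended permit ip new 255.255.255.0 kichler 255.255.255.0",
             "access-list inside_nat0_outbound extended permit ip new 255.255.255.0 kichler 255.255.255.0")
```

Under the assumed peer networks, `check_selectors(*ORIGINAL, PEER_LOCAL, PEER_REMOTE)` reports the /32 destination as a mismatch, and the same call with `SUGGESTED` returns an empty list.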
