
ASA Site-to-Site VPN with VPN3000 problems

tostrander
Level 1

I am having an issue with connecting a Site-to-Site VPN between a remote ASA 5505 and a local VPN 3005. The configurations seem to be the same on both ends but I cannot even get logging to show the connection. I have attached the configuration of the ASA. I have run debug crypto ipsec, isakmp, and engine on the ASA and I cannot see any tracking at all. I can ping the remote host fine, and the ASA is in single mode. What am I missing?

Thanks.

1 Reply

Collin Clark
VIP Alumni

Try changing your crypto and NAT0 ACL. You have the host keyword and I don't believe you should.

access-list outside_1_cryptomap extended permit ip new 255.255.255.0 host kichler

access-list inside_nat0_outbound extended permit ip new 255.255.255.0 host kichler

should be

access-list outside_1_cryptomap extended permit ip new 255.255.255.0 kichler 255.255.255.0

access-list inside_nat0_outbound extended permit ip new 255.255.255.0 kichler 255.255.255.0

You may also want to enable NAT-T even if you're sure there is no NAT in between. Also here's a great troubleshooting guide for VPNs.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

Hope it helps.
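
The check suggested in the reply above can be automated. This is an added example, not part of the thread: it parses the two ASA ACL entries and compares them with the network pair configured on the peer. The addresses behind the `new` and `kichler` names and the peer's network list are constructed placeholders, since the thread does not show them.

```python
import ipaddress

# Constructed name table: the thread never gives the addresses behind
# the ASA "name" aliases, so these values are placeholders.
NAMES = {"new": "192.168.50.0", "kichler": "10.10.1.0"}

def _take_net(tokens):
    """Consume one ASA address spec: 'any', 'host A', or 'A MASK'."""
    first = tokens.pop(0)
    if first in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        addr = tokens.pop(0)
        return ipaddress.ip_network(NAMES.get(addr, addr) + "/32")
    mask = tokens.pop(0)
    return ipaddress.ip_network(f"{NAMES.get(first, first)}/{mask}")

def parse_acl(line):
    """Return (acl_name, source_net, dest_net) for a 'permit ip' entry."""
    t = line.split()
    if t[:1] != ["access-list"] or t[2:5] != ["extended", "permit", "ip"]:
        raise ValueError("unsupported entry: " + line)
    rest = t[5:]
    return t[1], _take_net(rest), _take_net(rest)

def check(crypto_line, nat0_line, peer_local, peer_remote):
    """List mismatches against the peer's network pair (peer's view)."""
    problems = []
    _, c_src, c_dst = parse_acl(crypto_line)
    _, n_src, n_dst = parse_acl(nat0_line)
    if (c_src, c_dst) != (n_src, n_dst):
        problems.append("crypto ACL and NAT0 ACL differ")
    # The peer's local network is our destination and vice versa.
    if c_src != ipaddress.ip_network(peer_remote):
        problems.append(f"source {c_src} != peer remote {peer_remote}")
    if c_dst != ipaddress.ip_network(peer_local):
        problems.append(f"destination {c_dst} != peer local {peer_local}")
    return problems
```

With these placeholder values, the `host kichler` form resolves to a /32 and is reported as a mismatch against a peer that defines a /24, while the form with the 255.255.255.0 mask passes.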
