Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1006
Views
0
Helpful
5
Replies

5510 to 5510 VPN - Valid Tunnel Group

Charlie Taylor
Level 4
Level 4

‎05-03-2012 04:20 PM

I have two 5510's that I am trying to get a tunnel established. One has an exsistinig tunnel to a 5505 that works but I cant get the next one to get past the first phase. I have sanitized the attached configs, can anyone see something obvious?

Labels:
127377-2twoconfig.txt.zip
127378-1oneconfig.txt.zip
0 Helpful
5 Replies 5

Shone_Aleksey
Level 1
Level 1

‎05-06-2012 11:54 AM

Change in 2twconfig.

nat (INSIDE,OUTSIDE) source static obj-192.168.76.0 obj-192.168.76.0 destination static Vallywood Vallywood

to

nat (INSIDE,OUTSIDE) 1 source static obj-192.168.76.0 obj-192.168.76.0 destination static Vallywood Vallywood

delete this

nat (INSIDE,any) source static obj-192.168.76.0 obj-192.168.76.0 destination static Vallywood Vallywood unidirectional

Do the same on 1twconfig

0 Helpful

Charlie Taylor
Level 4
Level 4
In response to Shone_Aleksey

‎05-06-2012 04:30 PM

No luck, thank you for trying to help!

0 Helpful

Shone_Aleksey
Level 1
Level 1
In response to Charlie Taylor

‎05-07-2012 06:46 AM

try also delete

group-policy GroupPolicy1 internal

group-policy GroupPolicy1 attributes

vpn-tunnel-protocol IPSec

HTH

0 Helpful

rizwanr74
Level 7
Level 7

‎05-07-2012 08:59 AM

Hi Charlie,

Your config looks fine on host:1.1.1.1VPN

object network obj-192.168.74.0

subnet 192.168.74.0 255.255.255.0

object network Timberlock

subnet 192.168.76.0 255.255.254.0

nat (inside,outside) source static obj-192.168.74.0 obj-192.168.74.0 destination static Timberlock Timberlock

-------------------------------------------------------------------------

likewise, config looks fine on on host: 2.2.2.2VPN

object network obj-192.168.76.0

subnet 192.168.76.0 255.255.254.0

object network Vallywood

subnet 192.168.74.0 255.255.255.0

access-list OUTSIDE_1_cryptomap extended permit ip object obj-192.168.76.0 object Vallywood Vallywood

But remove this line please from Host: 2.2.2.2VPN


nat (INSIDE,any) source static obj-192.168.76.0 obj-192.168.76.0 destination static Vallywood Vallywood unidirectional


Please add static routes below on both ASA.


on host: 2.2.2.2VPN

route OUTSIDE 192.168.74.0 255.255.255.0 2.2.2.X <- default-gateway.


on host:1.1.1.1VPN

route outside 192.168.76.0 255.255.254.0 1.1.1.X <- default-gateway.

Please update me.

Thanks

Rizwan Rafeek

0 Helpful

rizwanr74
Level 7
Level 7

‎05-09-2012 07:41 PM

Please rate helpful post.

thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents