Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

5510 to 5510 VPN - Valid Tunnel Group

I have two 5510's that I am trying to get a tunnel established. One has an exsistinig tunnel to a 5505 that works but I cant get the next one to get past the first phase. I have sanitized the attached configs, can anyone see something obvious?

5 REPLIES
New Member

5510 to 5510 VPN - Valid Tunnel Group

Change in 2twconfig.

nat (INSIDE,OUTSIDE) source static obj-192.168.76.0 obj-192.168.76.0 destination static Vallywood Vallywood

to

nat (INSIDE,OUTSIDE) 1 source static obj-192.168.76.0 obj-192.168.76.0 destination static Vallywood Vallywood

delete this

nat (INSIDE,any) source static obj-192.168.76.0 obj-192.168.76.0 destination static Vallywood Vallywood unidirectional

Do the same on 1twconfig

New Member

5510 to 5510 VPN - Valid Tunnel Group

No luck, thank you for trying to help!

New Member

5510 to 5510 VPN - Valid Tunnel Group

try also delete

group-policy GroupPolicy1 internal

group-policy GroupPolicy1 attributes

vpn-tunnel-protocol IPSec

HTH

5510 to 5510 VPN - Valid Tunnel Group

Hi Charlie,

Your config looks fine on host:1.1.1.1VPN

object network obj-192.168.74.0

subnet 192.168.74.0 255.255.255.0

object network Timberlock

subnet 192.168.76.0 255.255.254.0

nat (inside,outside) source static obj-192.168.74.0 obj-192.168.74.0 destination static Timberlock Timberlock

-------------------------------------------------------------------------

likewise, config looks fine on on host: 2.2.2.2VPN

object network obj-192.168.76.0

subnet 192.168.76.0 255.255.254.0

object network Vallywood

subnet 192.168.74.0 255.255.255.0

access-list OUTSIDE_1_cryptomap extended permit ip object obj-192.168.76.0 object Vallywood Vallywood

But remove this line please from Host: 2.2.2.2VPN


nat (INSIDE,any) source static obj-192.168.76.0 obj-192.168.76.0 destination static Vallywood Vallywood unidirectional


Please add static routes below on both ASA.


on host: 2.2.2.2VPN

route OUTSIDE 192.168.74.0 255.255.255.0 2.2.2.X <- default-gateway.


on host:1.1.1.1VPN

route outside 192.168.76.0 255.255.254.0 1.1.1.X <- default-gateway.

Please update me.

Thanks

Rizwan Rafeek

5510 to 5510 VPN - Valid Tunnel Group

Please rate helpful post.

thanks

662
Views
0
Helpful
5
Replies
CreatePlease to create content