Cisco Support Community
New Member

ASA 8.4.3 Lan to Lan

I need to connect to another ASA running 8.0 IOS; I am running 8.4.3 IOS.

Need to NAT 3 servers to 3 IPs. to to to

Remote has 3 IPs to connect to.

What should my NAT statement look like, and what should my access list for inbound traffic look like?

I know the crypto map will use the NATted addresses.

Attached is my configuration. I can ping the remote server but they cannot ping my servers; I get no matching SA in phase 2.

Also attached is the remote configuration.

Super Bronze

Re: ASA 8.4.3 Lan to Lan


In your ASA running 8.4 software you have to open the traffic in the OUTSIDE access-list using the real address, not the NAT address.

access-list outside_access_in extended permit ip object-group remote-servers object-group remote-servernat

You need to replace the destination object-group with the real IP address on your side, which would be the object "inside-servers".

You say you can ping the remote end but they can't ping you? Doesn't that mean the VPN is OK but there aren't the proper rules to allow ICMP etc. (the above ACL)? I mean, if the connections work from other end (both going and return traffic for ICMP) but not the other, it should still mean the VPN is fine.

Please rate if it was helpful

or ask more if needed

- Jouni
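The 8.4-side pieces discussed in this thread, put together as an added example that is not taken from either poster's configuration. All addresses are constructed (documentation ranges), and the names inside-servers-nat and crypto_l2l and the interface names inside/outside are assumptions; inside-servers, remote-servers and outside_access_in are the names used in the reply above.

```cisco
! Local servers: real addresses and the addresses the peer sees (constructed)
object network inside-servers
 range 10.10.10.11 10.10.10.13
object network inside-servers-nat
 range 192.0.2.11 192.0.2.13

! The remote peer's three servers (constructed)
object-group network remote-servers
 network-object host 198.51.100.21
 network-object host 198.51.100.22
 network-object host 198.51.100.23

! Twice NAT: translate the local servers one-to-one, only for traffic
! to and from the remote servers
nat (inside,outside) source static inside-servers inside-servers-nat destination static remote-servers remote-servers

! Crypto ACL (hypothetical name): matches the translated local addresses,
! because NAT is applied before the traffic is selected for encryption
access-list crypto_l2l extended permit ip object inside-servers-nat object-group remote-servers

! Interface ACL: on 8.3 and later it matches the REAL local addresses,
! because inbound traffic is untranslated before the ACL is evaluated.
! It is consulted for decrypted VPN traffic only when
! "no sysopt connection permit-vpn" is configured.
access-list outside_access_in extended permit ip object-group remote-servers object inside-servers
```

The crypto ACL on the 8.0 peer has to be the mirror image of crypto_l2l (its servers as source, the translated 192.0.2.x addresses as destination); a mismatch between the two is a common cause of phase 2 failing to find a matching SA.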

New Member

Re: ASA 8.4.3 Lan to Lan

That was helpful; I found the problem.

Super Bronze

ASA 8.4.3 Lan to Lan


Please rate if you found the post helpful