Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

asa to asa tunnel nor working

I am trying to setup l2l tunel between 2 asa devices tunel establishes but when i try to ping fom site l1 to site r1 i see that icmp psaes to tunnel but not recieved back. tunnel tx increased.

on r1 site i see that tunnel RX increased but not tx. acl sems to be the same. what could be the problem.

attache runin configs. r1 and l1.

11 REPLIES

Re: asa to asa tunnel nor working

check your no-nat config.

Community Member

Re: asa to asa tunnel nor working

fixed nat on r1 to

nat (inside) 0 access-list nonat

nat (inside) 1 10.20.30.0 255.255.255.0

but nothing helps .

Re: asa to asa tunnel nor working

Make sure the no-nat on both sides is relevant eg:-

L1

no-nat permit ip <> <>

R1

no-nat permit ip <> <>

Community Member

Re: asa to asa tunnel nor working

i have checked or even disabled nat on both sites.

When i do packet tracer on on r1 asa i got strange output.

i have rule on r1 to permit <> <>

eevn after it permit any any on r1 inside interface bu tracer said that paket was droped by implicit rule deny any any.

Re: asa to asa tunnel nor working

Post the config's agian - removing sensitive information.

Community Member

Re: asa to asa tunnel nor working

here it is

Community Member

Re: asa to asa tunnel nor working

forgot to attach

Re: asa to asa tunnel nor working

post the output of the "show crypto ipsec sa" from both sides

Community Member

Re: asa to asa tunnel nor working

here it is.

Re: asa to asa tunnel nor working

Ths issue is on the R1 side - check, check and re-check all config, no-nat, interesting traffic, ip routes etc.

Community Member

Re: asa to asa tunnel nor working

I know that in r1 but where?

I recreated ipsec tunel from begining on r1 but now when i am trying to initiate tunell form r1 side i get

Routing failed to locate next hop for icmp from NP Identity Ifc:10.20.30.1/0 to inside:10.89.48.1/0

if i am trying to establish tunel from l1 side it comes up bu no reply from r1 to l1 side.

198
Views
0
Helpful
11
Replies
CreatePlease to create content