Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA5540 VPN tunnel to VPN tunnel

Hi,

I am using ASA5540 and configured the IPSEC VPN, my client use routers that each open L2TP IPSEC VPN to my ASA5540.

Per username and password I allocate static IP addresses from my Radius Server.

I can see both client routers have established VPN on the ASA.

At each client Router there is the private network,

Client A                               Client A Router                           ASA5540                         Client B Router             Client B  

                                                                                      VPN IP Allocated

10.220.100.6/30                   10.220.100.5/30                       192.168.228.1       

                                                                                        192.168.228.2                      10.220.100.9/30          10.220.100.10/30

I need from 10.220.100.6 to ping 10.220.100.10 via the tunnels.

Someone please help.

Louis

2 REPLIES

Re: ASA5540 VPN tunnel to VPN tunnel

Have you tried tracing the remote client sites from the other respective client site?

can you try doign the same from both the router and also from the client site pcs and find where the trace is gettings stuck up?

regds

New Member

Re: ASA5540 VPN tunnel to VPN tunnel

Hi, thanks,

I did do that,

If I ping from 10.220.100.10 to 10.220.100.5 this is what I get on the logging at the ASA

IPSEC: Received an ESP Packet (SPI=0x15959DA1, sequence number= 0x2A) from 192.168.46.170 (user =louis98) to 66.8.38.170. The decapsulated inner packet doesn't match the negotiated polocy in the SA. The packet specifies its destination as 10.220.100.5, its source as 10.220.100.10, and its protocol as 1. The SA specifies its local proxy as 66.8.38.170/255.255.255.255/17/42246 and it remote_proxy as 192.168.56.170/255.255.255.255/17/42246

If I traceroute from 10.220.100.10 to 10.220.100.5 all I see is 10.220.100.9 and ASA logging shows

I get the same here as above just the protocol is 17

Regards, Louis

222
Views
0
Helpful
2
Replies
CreatePlease to create content