Cisco Support Community

New Member

Issue with Site-Site IPSec Tunnel with ASA 5510 and Cisco IOS Router

Dear Team,

In our organisation we have established a Site-Site IPSec tunnel successfully. At my end we have used a Cisco ASA 5510 firewall, and the other end has used a Cisco 1700 series router. The network scenario in block form is as follows:

                     MY END                                                                         OTHER END

   LAN ------> ASA Firewall -----> Internet Router ----> Internet ------->   Cisco 1700 Router ------> LAN

The remark points are:

1) From my PC (default gateway is the ASA firewall VPN), I am able to ping the other end's IP address & can make https/https requests.

2) From the other end's PC (default gateway is the Cisco router VPN), he can ping my resources like the mail server & FTP server, which are my LAN resources, but he is unable to send & receive mails (POP3/SMTP) & use the FTP service etc.

3) FYI, the tunnel is established successfully.

Please guide me on what is wrong in my configuration, as he is unable to access the LAN resources. I have attached my ASA firewall configuration. Please check and let me know the issue.

Regards

Ramu

  • VPN
1 REPLY
New Member

Re: Issue with Site-Site IPSec Tunnel with ASA 5510 and Cisco IO

Hi Ramu,

Hope you are doing fine.

I checked the configuration that you have attached and it looks fine to me.

Could you please configure the following captures on the ASA:

access-list test per ip host host

access-list test per ip host host

access-list test per ip host host

access-list test per ip host host 

capture vpn access-list test interface inside packet-length 1522

capture drop type asp-drop all

After configuring these captures, telnet on port 25 and 21 to the server.

Issue show cap vpn and show cap drop to get the output of the captures.

Also check the log messages on the ASA while you telnet.

Make sure that there is no policy based routing configured on the router for SMTP and FTP.

Regards

Ashish
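
An added example, not part of the reply above: one way to read the output of show cap drop after the telnet tests is to tally the drop reasons for the two tested ports. The sample capture text is constructed (documentation addresses, typical asp-drop line layout assumed), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of `show cap drop` output; the addresses are
# documentation ranges, not values from the thread.
SAMPLE = """\
4 packets captured

   1: 10:15:01.100201 192.0.2.10.49152 > 198.51.100.25.25: S 1000:1000(0) win 8192 <mss 1460> Drop-reason: (acl-drop) Flow is denied by configured rule
   2: 10:15:04.100533 192.0.2.10.49152 > 198.51.100.25.25: S 1000:1000(0) win 8192 <mss 1460> Drop-reason: (acl-drop) Flow is denied by configured rule
   3: 10:15:09.220114 192.0.2.10.49153 > 198.51.100.21.21: S 2000:2000(0) win 8192 <mss 1460> Drop-reason: (acl-drop) Flow is denied by configured rule
   4: 10:15:12.900872 192.0.2.77.137 > 192.0.2.255.137: udp 50 Drop-reason: (sp-security-failed) Slowpath security checks failed
4 packets shown
"""

# One captured packet: index, time, src[.port] > dst[.port]: ... Drop-reason: (name) text
LINE = re.compile(
    r"^\s*\d+:\s+(?P<time>\S+)\s+"
    r"(?P<src>\d+(?:\.\d+){3})(?:\.(?P<sport>\d+))?\s+>\s+"
    r"(?P<dst>\d+(?:\.\d+){3})(?:\.(?P<dport>\d+))?:\s"
    r".*Drop-reason:\s+\((?P<reason>[^)]+)\)\s*(?P<detail>.*)$"
)


def parse_drops(text):
    """Return one dict per dropped packet; header and footer lines are skipped."""
    drops = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        d = m.groupdict()
        # Ports are absent for protocols such as ICMP, so keep them optional.
        for key in ("sport", "dport"):
            d[key] = int(d[key]) if d[key] else None
        drops.append(d)
    return drops


def drops_for_services(drops, ports=(25, 21)):
    """Count drops per (destination port, drop reason) for the tested services."""
    return Counter((d["dport"], d["reason"]) for d in drops if d["dport"] in ports)


if __name__ == "__main__":
    summary = drops_for_services(parse_drops(SAMPLE))
    for (port, reason), count in sorted(summary.items()):
        print(f"port {port}: {count} dropped, reason {reason}")
```

If the tested ports do not appear in the drop capture at all, the packets are not being discarded by the ASA's accelerated security path, and the vpn capture and the router side are the next places to look.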
