11-29-2010 11:09 PM - edited 02-21-2020 05:00 PM
Dear Team,
In our organisation we have established Site-Site IPSec Tunnel Successfully . At my END we have used Cisco ASA 5510 firewall used and other END ,used Cisco 1700 series Router. The Network scenario in Block is follows
MY END OTHER END
LAN ------> ASA Firewall -----> Internet Router ----> Internet -------> Cisco 1700 Router ------. LAN.
The Remark Points are :
1) From My PC ( default Gateway is ASA Firewall VPN ) , i am able to ping other END IP address & can https/ https requests
2) From Other END PC ( default Gateway is Cisco Router VPN ), he can ping to my resources like mail server & FTP server ,which are my LAN resources,but he unable to send & receive mails ( POP3/SMTP) & FTP service Etc.
3) FYI , Tunnel esablshed successfully
Pls guide me what is the wrong in my configuration as he is unable to access the LAN resources. I have attached my ASA firewall configuration ,Pls check and let me know the issue
Regards
Ramu
11-30-2010 08:07 AM
HI Ramu,
Hope you are doing fine,
I checked the configuation that you have attached and it looks fine to me
Could you please configure following captures on the ASA
access-list test per ip host
access-list test per ip host
access-list test per ip host
access-list test per ip host
capture vpn access-list test interface inside packet-length 1522
capture drop type asp-drop all
After configuring these captures telnet on port 25 and 21 to the server.
Issue show cap vpn and show cap drop to get the output of the captures.
Also check the logg messages on the ASA while you telnet
Make sure that there is no Policy based routing configured on the router for SMTP and FTP
Regards
Ashish
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide