Issues with Site to Site VPN Setup

bluem9000 · ‎10-16-2013

Hello,

I am trying to setup a VPN tunnel between 2 sites (ASA5510 and Juniper) but running into few issues.

My site is using ASA5510 while secondary site is using Juniper. The network Admin in the site with Juniper hardware setup the VPN tunnel and sent me info such as IPs, phase1 and 2 proposal...etc to setup my side.

Phase1 proposal: pre-g2-3des-sha

Phase2 proposal: g2-esp-3des-sha

On the ASA>Monitoring I see 0 for Bytes Tx and xxxxx for Bytes RX.

I have setup the Tunnel using the Wizard on ASA.

Not sure if the exact problem or how to troubleshoot. The network admin from other site (Juniper) tells me to check my route configuration but not sure if further configuration must be made on ASA. I had to make changes to IKE Proposal and change lifetime (seconds) to 28800 to match on the Juniper side.

Thanks...B

ajitp2004 · ‎10-16-2013

Hi,

This means that your phase 1 and 2 are configured and you are receving the packets but your side is not sending any packet. Please do following:

1. Check your NAT rule if you are NATing remote host. Use sh conn, sh xlate command to check local host connection and translations if any

2. Check the routing from your host to remote host/NATed IP

3. Please post sh crypto ipsec sa output (It should have ##pkts encaps: 0)

4. Please post your configuration

-Ajit