Cisco Support Community
New Member

L2L tunnel established but no communication

Hi techs, I am trying to pinpoint what could be the issue between my Cisco ASA 5510 and a remote Cisco router L2L VPN. The tunnel is successfully established, but when I ping the remote LAN from my LAN no packets are going through. The reverse is also true. I've tried packet-tracer troubleshooting on the ASDM and I have noted the NAT exemption rule is not being used even though I have configured it; instead it's going straight to NAT rule 1, which is a PAT. Someone please give an insight into this problem. Funny enough, I have 6 other tunnels which are working perfectly.

5 REPLIES
New Member

Re: L2L tunnel established but no communication

We're gonna need to see your config for this particular VPN, specifically the 'crypto map' and 'NAT exemption'.

New Member

Re: L2L tunnel established but no communication

access-list inside_nat0_outbound extended permit ip 192.168.60.0 255.255.255.0 192.168.102.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
access-list outside_cryptomap extended permit ip 192.168.60.0 255.255.255.0 192.168.102.0 255.255.255.0
crypto map outside_map0 3 match address outside_cryptomap
crypto map outside_map0 3 set pfs group2
crypto map outside_map0 3 set connection-type bi-directional
crypto map outside_map0 3 set peer X.X.X.X
crypto map outside_map0 3 set transform-set ESP-3DES-MD5
crypto map outside_map0 3 set security-association lifetime seconds 28800
crypto map outside_map0 3 set security-association lifetime kilobytes 4608000
crypto map outside_map0 3 set inheritance rule
crypto map outside_map0 3 set phase1-mode main
crypto map outside_map0 3 set reverse-route
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X general-attributes
 no accounting-server-group
 default-group-policy DfltGrpPolicy
tunnel-group X.X.X.X ipsec-attributes
 pre-shared-key 1234
 peer-id-validate req
 no chain
 no trust-point
 isakmp keepalive threshold 10 retry 2
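A small check over the NAT lines posted above, added here as an example and not part of this thread: it models the pre-8.3 ASA order of NAT evaluation (a `nat 0 access-list` exemption is consulted before dynamic NAT/PAT, and with nat-control a flow matching no rule is dropped) and lists crypto-map ACEs that the exemption ACL does not fully cover, which is the mismatch that makes packet-tracer fall through to a PAT rule. The `nat (inside) 1 0.0.0.0 0.0.0.0` line is an assumption standing in for the poster's unposted NAT rule 1.

```python
import ipaddress
import re

# Constructed sample, not the poster's full config: the NAT/crypto lines posted in the
# thread plus a hypothetical "nat (inside) 1" PAT standing in for the poster's NAT rule 1.
CONFIG = """
access-list inside_nat0_outbound extended permit ip 192.168.60.0 255.255.255.0 192.168.102.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-list outside_cryptomap extended permit ip 192.168.60.0 255.255.255.0 192.168.102.0 255.255.255.0
"""
ACE = re.compile(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)")
NAT0 = re.compile(r"nat \((\S+)\) 0 access-list (\S+)")
NATDYN = re.compile(r"nat \((\S+)\) (\d+) (\S+) (\S+)")

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Return ACLs as {name: [(src_net, dst_net)]} and NAT rules in config order."""
    acls, nat = {}, []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACE.match(line):
            name, s, sm, d, dm = m.groups()
            acls.setdefault(name, []).append((net(s, sm), net(d, dm)))
        elif m := NAT0.match(line):
            nat.append((m.group(1), 0, ("acl", m.group(2))))
        elif m := NATDYN.match(line):
            nat.append((m.group(1), int(m.group(2)), ("net", net(m.group(3), m.group(4)))))
    return acls, nat

def acl_matches(acls, name, src, dst):
    return any(src in s and dst in d for s, d in acls.get(name, []))

def nat_decision(acls, nat, iface, src, dst, nat_control=True):
    """Pre-8.3 order: nat 0 access-list (exemption) wins over dynamic NAT/PAT;
    with nat-control, a flow that matches no rule is dropped."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rif, nid, (kind, target) in nat:  # exemption pass
        if rif == iface and nid == 0 and kind == "acl" and acl_matches(acls, target, src, dst):
            return "exempt (nat 0)"
    for rif, nid, (kind, target) in nat:  # dynamic NAT/PAT pass
        if rif == iface and nid > 0 and kind == "net" and src in target:
            return f"translated (nat {nid})"
    return "dropped (nat-control)" if nat_control else "untranslated"

def crypto_not_exempted(acls, crypto_acl, nat0_acl):
    """Crypto ACEs not fully covered by the exemption ACL: these flows get PATed."""
    return [(s, d) for s, d in acls.get(crypto_acl, [])
            if not any(s.subnet_of(es) and d.subnet_of(ed) for es, ed in acls.get(nat0_acl, []))]
```

Run `nat_decision(*parse(CONFIG), "inside", "192.168.60.10", "192.168.102.10")` to see the expected exemption hit, then compare against a copy of the config where one subnet in the exemption ACL is mistyped to see the flow fall through to the PAT rule.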

New Member

Re: L2L tunnel established but no communication

Another strange pointer is that when I do a ping from the firewall, sourcing it from the firewall's inside interface IP (192.168.60.1), the ping is successful, and also when the guys from the remote end ping that IP they get replies. It's only when we ping anything behind that interface, though in the same subnet. In the LAN the default gateway points to the firewall's IP (192.168.60.1), so it's nothing to do with routing.

New Member

Re: L2L tunnel established but no communication

Do you have nat-control enabled?

Regards,

Carlos Roque

New Member

Re: L2L tunnel established but no communication

Yes, nat-control is enabled.
