L2L VPN between ASA and IOS

alex goshtaei
Level 1

Hi All,

I've set up an L2L VPN between ASA and IOS. The tunnel has been up and running, but no traffic is encrypted in the ASA and no traffic is decrypted in the IOS router. In the ASA I am using NAT, but in the IOS router NAT is not being used and all traffic from the router must be passed through the tunnel.

Any suggestions would be very appreciated.

Alex

2 Replies

amitaaga
Cisco Employee

Hi Alex,

Are you doing NAT for VPN traffic on the ASA, or is it for the internet traffic?

What is the crypto ACL configured on both sides?

Also, what happens when VPN traffic is initiated from behind the router? Do you see any encaps on the router and decaps on the ASA then?

amitashwa

Hi,

Change the ACL on the ASA and the router as such:

On the ASA (outside interface a.b.c.d):

access-list crypto-acl ext per ip host a.b.c.d host x.y.z.u

There should be any no nat or nat exempt for traffic on ASA that is going to the router.

On the router (interface IP address x.y.z.u):

access-list crypto-acl ext per ip host x.y.z.u host a.b.c.d

This should work. If you have similar settings but it isn't working, then please post the configuration without public IPs for review.

Thanks

Manish
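
The crypto ACLs in the reply above are mirror images of each other, one per peer. As an added example that is not part of the original thread, this Python sketch parses ACL lines in that form from both devices and lists any entry without a reversed counterpart on the other side. The function names and the sample addresses (documentation and private ranges) are constructed for illustration.

```python
import ipaddress
import re

# Extended permit-ip entries in the form quoted in the reply, including the
# "ext per" abbreviations. Operands handled: "host X", "any", "NET MASK".
ACE = re.compile(r"access-list\s+\S+\s+ext(?:ended)?\s+per(?:mit)?\s+ip\s+(.+)$")

def _operand(tokens):
    """Consume one address operand from the token list as an ip_network."""
    first = tokens.pop(0)
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if first in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    # ip_network reads a mask starting with 0 as a wildcard (IOS style)
    # and any other mask as a subnet mask (ASA style).
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def selectors(config):
    """Set of (source, destination) networks permitted by the ACL lines."""
    pairs = set()
    for line in config.splitlines():
        m = ACE.search(line.strip())
        if m:
            tokens = m.group(1).split()
            pairs.add((_operand(tokens), _operand(tokens)))
    return pairs

def mirror_mismatches(local_cfg, peer_cfg):
    """Entries on either side with no reversed counterpart on the other."""
    local, peer = selectors(local_cfg), selectors(peer_cfg)
    return {
        "local_only": {(s, d) for s, d in local if (d, s) not in peer},
        "peer_only": {(s, d) for s, d in peer if (d, s) not in local},
    }

# Constructed sample configs, not taken from the thread.
ASA_CFG = """
access-list crypto-acl extended permit ip host 192.0.2.1 host 198.51.100.1
access-list crypto-acl extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
"""
ROUTER_CFG = """
access-list crypto-acl ext per ip host 198.51.100.1 host 192.0.2.1
access-list crypto-acl ext per ip 10.2.0.0 0.0.0.255 10.9.0.0 0.0.0.255
"""

if __name__ == "__main__":
    for side, entries in mirror_mismatches(ASA_CFG, ROUTER_CFG).items():
        for src, dst in sorted(entries):
            print(f"{side}: {src} -> {dst} has no mirrored entry")
```

In the sample, the host-to-host entries mirror each other and pass, while the two subnet entries are each reported because their counterparts do not match.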