L2L Vpn. tunnel is up but no routing between sites.

I have a 5505 and 5510 configured with an L2L IPsec tunnel. The tunnel comes up, but inside traffic does not pass between sites.

I'm attaching the configs for each side.

Any help would be great.

Thank you.

Ed


Re: L2L Vpn. tunnel is up but no routing between sites.

Your NAT exempt rule does not reflect your crypto map access list in your ASA 5505 office2 configuration.

You have:

access-list outside_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0

crypto map outside_map 1 match address outside_cryptomap_1

Your current nat inside statement is: nat (inside) 0 access-list nonat

Change the NAT exempt rule to: nat (inside) 0 access-list outside_cryptomap_1

Try those changes and post results.


Regards

Re: L2L Vpn. tunnel is up but no routing between sites.

Hi Eddie, has your issue been resolved or do you still have problems?

Rgds

Re: L2L Vpn. tunnel is up but no routing between sites.

Hello Jorge,

No, that didn't work. I removed all the VPN commands and created the tunnels again to no avail.

The tunnel comes up but I can not ping the inside interface of the other side.

Any other thoughts?

Thank you,

Eddie Lee

Re: L2L Vpn. tunnel is up but no routing between sites.

Hi,

The VPN configuration seems to be fine. Can you send the debugs from the firewalls?

debug crypto isakmp 200

debug crypto ipsec 200

Try to add the command "sysopt connection permit-vpn" on both ASAs.

Regards,

Pradhuman
