Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
705
Views
0
Helpful
1
Replies

SA 540 VPN PROBLEM

sudan_023
Level 1
Level 1

‎06-08-2010 11:27 AM

       10.239.1.0/24                                                                                10.239.2.0/24

               |                                                                                                    |

             --|                                                                                                    |--

               |        +-----------+                /-^-^-^-^--\                  +-----------+        |

               |-----| Cisco 1811 |=======| Internet |=======|   SA  540    |-----|

               |   AL+-----------+AW           \--v-v-v-v-/            BW+-----------+BL   |

             --| 10.239.1.1   202.45.60.1                     202.45.60.2  10.239.2.1 |--

               |                                                                                                    |

hello guys i am fresh in this field. I tried to establish VPN between the 1811 and sa540. The VPN Tunnel is UP but from the Cisco 1811 i cannot ping to SA540 "BW" 202.45.60.2 and "BL" 10.239.2.1 i have defined default route and static route on both devices but from SA540 i can ping to "AL" 10.239.1.1. help on this want to make communication between 10.239.1.0/24 with 10.239.2.0/24.

please provide step by step guide to configure the SA540.

Thank You.

Labels:
0 Helpful
1 Reply 1

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎06-08-2010 03:55 PM

Hi,

Does the tunnel show established on the SA540?

Do you see both phase 1 and phase 2 established on the router?  ''sh cry isa sa'' and ''sh cry ips sa''

A good test (if the tunnel is established) is the following:

PING from the router's internal LAN to the internal LAN of the SA540 and check the ''sh cry ips sa'' for packets encrypted/decrypted. This will give us an idea where to look.

Are you doing NAT also?


Federico.

0 Helpful
Customers Also Viewed These Support Documents