I am trying to set up a site-to-site VPN between an IOS router and an ASA as per above. Phase 1 and Phase 2 seem fine as per the following, but I could not ping the internal interface of the router or ASA, or any device at either endpoint of the VPN tunnel. Please see the show crypto isakmp sa and ipsec sa below.
I also paste the VPN config details for both devices below (ASA and Cisco 1800).
REMOTE-A#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
188.8.131.52 184.108.40.206 QM_IDLE 2056 0 ACTIVE
IPv6 Crypto ISAKMP SA
REMOTE-A#sh crypto ipsec sa
Crypto map tag: SDM_CMAP_1, local addr 220.127.116.11
protected vrf: (none)
local ident (addr/mask/prot/port): (172.17.100.0/255.255.255.0/0/0)
Re: Site to Site VPN between Cisco 1800 and ASA 5510
I tried injecting set reverse-route on the ASA as follows and ran a ping from the router using the internal interface, but no luck. It seems traffic is hitting the ASA from the router as the per show crypto isa... on. Encaps packet from router and decaps from ASA but no reply from ASA back to router.
crypto dynamic-map outside_dyn_map 40 set reverse-route
PO-ASA# sh crypto ipsec sa peer 18.104.22.168
peer address: 22.214.171.124
Crypto map tag: outside_dyn_map, seq num: 40, local addr: 126.96.36.199
local ident (addr/mask/prot/port): (192.168.20.0/255.255.252.0/0/0)
remote ident (addr/mask/prot/port): (172.17.100.0/255.255.255.0/0/0)
current_peer: 188.8.131.52
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...