Solved: Trouble with site to site vpn with 2 asa's

Chris Knipe · ‎03-05-2012

I have been trying many different ways to get this to work but have been unable to. After 8 hours I literally have a headache and have to step away for a minute. I just realized I needed to ping between the tunnels to bring it up but still am unable to. Can anyone take a look and tell me where i've gone wrong? Im trying to configure a site to site vpn betwen :

ASA_A

outside interface 5.179.17.66

inside interface 10.1.1.1

ASA B

outside interface 5.81.57.19

inside interface 10.1.2.1

ajay chauhan · ‎03-06-2012

Frist why do you have two DG on box-

route outside 0.0.0.0 0.0.0.0 5.179.121.65 1

route outside 0.0.0.0 0.0.0.0 5.179.17.65 1

Fix it both end then it should work .

Thanks

Ajay

View solution in original post

ajay chauhan · ‎03-06-2012

Frist why do you have two DG on box-

route outside 0.0.0.0 0.0.0.0 5.179.121.65 1

route outside 0.0.0.0 0.0.0.0 5.179.17.65 1

Fix it both end then it should work .

Thanks

Ajay

Chris Knipe · ‎03-06-2012

I just took over managing this device and have overlooked this part of the config. I am not sure why that part of the config would be there. There is just 1 route out to the internet from this device and there is no failover configured. I know you can have a backup static route with a higher metric, but is there any reason that there would be a duplicate other than out of error?

ajay chauhan · ‎03-07-2012

You should keep one DG remove the unused.

Chris Knipe · ‎03-07-2012

Thank you, this seemed to resolve the issue.