
tunnel up but no ping from asa inside interface

kolawole1
Level 1

Dear All

I am establishing a VPN tunnel between a Cisco ASA 5510 and a Cisco router. The tunnel is up and I can ping both crypto interfaces. Also, from the ASA console I can ping the LAN interface of the router, but from the router I cannot ping the LAN interface of the ASA. This message shows up in the log:

%ASA-3-713042: IKE Initiator unable to find policy: Intf liaison_BLR, Src: 128.223.125.232, Dst: 129.223.123.234

Here is the config of the equipment.

I was able to successfully establish an IPsec tunnel with another 1841 router. I have 1 hub site and 3 remote sites, with the ASA as hub.

Please Help.

Accepted Solution

auraza
Cisco Employee

Your crypto ACLs aren't matching. They need to be exact mirrors of each other.

Also, you may want to consider fixing the security-levels on the interfaces. They are all set to 0. Set the internal/private ones to a higher value.

Let me know how it goes.

PS. If you find this post helpful, please rate it.

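A mirror check for the crypto ACLs the accepted answer refers to, as an added example that is not part of the original thread: it parses an ASA ACL (netmasks) and an IOS ACL (wildcard masks) and lists entries with no source/destination-swapped counterpart on the peer. The ACL names, subnets and function names are constructed for illustration; the poster's configs are not shown on this page.

```python
import ipaddress
import re

# Constructed sample ACLs (not the poster's configs, which the thread does not show).
ASA_ACL = """\
access-list HUB_TO_R1 extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list HUB_TO_R1 extended permit ip 192.168.10.0 255.255.255.0 host 10.9.9.9
"""
IOS_ACL = """\
ip access-list extended R1_TO_HUB
 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 10.9.9.0 0.0.0.255 192.168.10.0 0.0.0.255
"""

def _selector(tokens, wildcard):
    """Consume one address spec ('any', 'host A' or 'A MASK') from tokens."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = ipaddress.IPv4Address(tokens.pop(0))
    if wildcard:  # IOS writes inverted (wildcard) masks; the ASA writes netmasks
        mask = ipaddress.IPv4Address(int(mask) ^ 0xFFFFFFFF)
    # Raises ValueError for a non-contiguous mask, which cannot be a subnet.
    return ipaddress.ip_network(f"{tok}/{mask}", strict=False)

def parse_acl(text, wildcard):
    """Return the set of (source, destination) networks from 'permit ip' lines."""
    pairs = set()
    for line in text.splitlines():
        m = re.search(r"\bpermit ip (.+)", line)
        if m:
            tokens = m.group(1).split()
            pairs.add((_selector(tokens, wildcard), _selector(tokens, wildcard)))
    return pairs

def mirror_mismatches(asa_text, ios_text):
    """List entries on each side that lack a src/dst-swapped twin on the peer."""
    asa = parse_acl(asa_text, wildcard=False)
    ios = parse_acl(ios_text, wildcard=True)
    fmt = lambda pairs: sorted(f"{s} -> {d}" for s, d in pairs)
    return {
        "asa_only": fmt(asa - {(d, s) for s, d in ios}),
        "ios_only": fmt(ios - {(d, s) for s, d in asa}),
    }

if __name__ == "__main__":
    print(mirror_mismatches(ASA_ACL, IOS_ACL))
```

In the constructed sample the first entry pair mirrors correctly, while the host entry on the ASA side and the /24 entry on the router side are reported because they do not describe the same traffic.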


Thank you, I was able to solve the issue; it was the matching of the access-lists.

Thanks big Boss

Thanks to the Netpro community.

rimbertr1
Level 1

Make sure you are using the LAN interface of your router to ping (by default the router will use the external interface, the crypto interface). Type ping with no other parameters and make sure to choose 'y' for extended commands to choose which interface to use to ping.