10-08-2009 12:58 PM
Dear All
I am establishing a VPN tunnel between a Cisco ASA 5510 and a Cisco router. The tunnel is up and I can ping both crypto interfaces. Also, from the ASA console I can ping the LAN interface of the router, but from the router I cannot ping the LAN interface of the ASA. This message shows up in the log:
%ASA-3-713042: IKE Initiator unable to find policy: Intf liaison_BLR, Src: 128.223.125.232, Dst: 129.223.123.234
Here is the config of the equipment.
I was able to successfully establish an IPsec tunnel with another 1841 router. I have 1 hub site and 3 remote sites, with the ASA as hub.
Please Help.
10-08-2009 01:46 PM
Your crypto ACLs aren't matching. They need to be exact mirrors of each other.
Also, you may want to consider fixing the security-levels on the interfaces. They are all set to 0. Set the internal/private ones to a higher value.
Let me know how it goes.
PS. If you find this post helpful, please rate it.
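The mirror check described in the answer above, as an added example that is not part of the original thread: it parses ASA crypto ACL entries (netmask notation) and IOS entries (wildcard-mask notation) and reports any entry whose swapped source/destination counterpart is missing on the peer. The ACL names, numbers and subnets are constructed placeholders, and only `permit <proto> <src> <dst>` entries without port operators are assumed.

```python
import ipaddress

# Constructed sample entries (not taken from the thread's configuration).
ASA_ACL = "access-list VPN_TO_BRANCH extended permit ip 10.1.0.0 255.255.0.0 192.168.10.0 255.255.255.0"
IOS_ACL_BAD = "access-list 110 permit ip 192.168.10.0 0.0.0.255 any"
IOS_ACL_GOOD = "access-list 110 permit ip 192.168.10.0 0.0.0.255 10.1.0.0 0.0.255.255"


def _take_net(tokens, wildcard):
    """Consume one address spec (any | host A | A MASK) and return an IPv4Network."""
    tok = tokens.pop(0)
    if tok in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = tokens.pop(0)
    if wildcard:
        # IOS wildcard mask -> netmask by inverting every bit.
        mask = str(ipaddress.ip_address(int(ipaddress.ip_address(mask)) ^ 0xFFFFFFFF))
    # Raises ValueError for a non-contiguous mask, which cannot be mirrored on an ASA.
    return ipaddress.ip_network(f"{tok}/{mask}", strict=False)


def parse_entry(line, wildcard):
    """Return (protocol, src_net, dst_net) for one permit entry."""
    tokens = line.split()
    i = tokens.index("permit")
    proto, rest = tokens[i + 1], tokens[i + 2:]
    src = _take_net(rest, wildcard)
    dst = _take_net(rest, wildcard)
    return proto, src, dst


def unmirrored(asa_lines, ios_lines):
    """Return (asa_only, ios_only): entries with no exact mirror on the peer."""
    asa = {parse_entry(line, False): line for line in asa_lines}
    ios = {}
    for line in ios_lines:
        proto, src, dst = parse_entry(line, True)
        ios[(proto, dst, src)] = line  # store swapped so keys compare directly
    return ([asa[k] for k in asa if k not in ios],
            [ios[k] for k in ios if k not in asa])


if __name__ == "__main__":
    print(unmirrored([ASA_ACL], [IOS_ACL_BAD]))   # both entries reported
    print(unmirrored([ASA_ACL], [IOS_ACL_GOOD]))  # ([], [])
```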
10-09-2009 02:11 PM
Thank you, I was able to solve the issue; it was the matching of the access-lists.
Thanks big Boss
Thanks to the Netpro community.
10-12-2009 12:04 PM
Make sure you are using the lan interface of your router to ping (by default the router will use the external interface - the crypto interface). Type ping with no other parameters and make sure to choose 'y' for extended commands to choose which interface to use to ping.