New Member

vpn between asa 5510 and router

Hi,

I configured an ASA 5510 to make LAN-to-LAN VPNs with 17 routers (857), and between the routers.

The VPN between the routers works fine.

From the LAN behind the ASA I can ping the PCs behind the routers.

But from the PCs behind the routers I can't ping the PCs behind the ASA.

I configured remote access with the Cisco VPN client 4.X; it works well with the routers, but it doesn't work with the ASA.

The ASA is connected to the WAN via a Zoom router (ADSL).

1 ACCEPTED SOLUTION

Accepted Solutions

Re: vpn between asa 5510 and router

Are you telnetting into the firewall?

Do the following to see the debug output:

terminal monitor

logging monitor 7 (type this in config mode)

Else if it's console, do 'logging console 7'

then do

debug crypto isakmp

debug crypto ipsec

then generate a ping from some device at the back of ASA having 192.168.200.0 address going towards any of the VPN subnets...and then paste output here

Regards

Farrukh

7 REPLIES
New Member

Re: vpn between asa 5510 and router

Hi,

Can someone check this configuration?

Please help.

New Member

Re: vpn between asa 5510 and router

access-list inside_access-in extended permit ip yournetwork clientnetwork

Example

access-list inside_access-in extended permit ip 10.20.31.0 255.255.255.0 10.200.225.0 255.255.255.0

New Member

Re: vpn between asa 5510 and router

Hi mekkeyan,

I added this:

access-list inside_access-in extended permit ip 192.168.200.0 255.255.255.0 192.168.111.0 255.255.255.0

but I have the same problem.

I use this ACL, which covers all traffic:

access-list inside_access-in extended permit ip any any

My problem is that the VPN is one way.

From the ASA to the router it is OK.

But from the router to the ASA and from the Cisco client to the ASA it doesn't work.

Re: vpn between asa 5510 and router

Can you please be specific about your problem? Is it possible to post the output of the following:

show crypto ipsec sa detail

show run sysopt

debug crypto ipsec (If phase 1 is ok)

else

debug crypto isakmp, also

Also after making changes on the crypto map, I hope you removed it and re-applied it to the interface

Regards

Farrukh

New Member

Re: vpn between asa 5510 and router

Hi Farrukh,

I reconfigured the ASA but the problem is not resolved.

The debug commands don't reveal anything:

firwall# show run sysopt

no sysopt connection timewait

sysopt connection tcpmss 1380

sysopt connection tcpmss minimum 0

no sysopt nodnsalias inbound

no sysopt nodnsalias outbound

no sysopt radius ignore-secret

no sysopt uauth allow-http-cache

sysopt connection permit-ipsec

firwall# sh crypto ipsec sa

There are no ipsec sas

firwall# debug crypto ipsec

firwall#

firwall# debug crypto isakmp

firwall#

New Member

Re: vpn between asa 5510 and router

Hi Farrukh,

It is right.

The Zoom router can't forward the traffic to the outside interface of the ASA.

Now I gave a public address to the outside interface of the ASA, and the VPN works fine.

Thank you very much for the help.
