I want to set up a site-to-site VPN between 2 networks. Both firewalls are ASA 5510, one with a Security Plus license for HA purposes.
But when I set up the VPN tunnel between the 2 firewalls, from the log of the firewall at site A I can see that the VPN has been set up. It displayed: Group = (IP of Site B), IP = (IP of Site B), Phase one completed. IPSEC: An outbound LAN to LAN SA between ...... has been created. Group = ...... Security negotiation complete for ....... Group = ........, PHASE 2 COMPLETED. When I start a ping from a SITE A PC to a SITE B PC, the log showed: Built inbound ICMP connection for faddr PC/512 gaddr PC2/0 laddr PC2/0. After a while, when the ping shows Request timeout, the log showed: Teardown ICMP connection for faddr PC/512 gaddr PC2/0 laddr PC2/0
When I do it again with the TELNET function, it is still the same response; it seems it cannot establish.
Experts, please help me.
I think the VPN setting should be OK, because from the log, I can see the Phase 1 and Phase 2 also completed.
Is it a problem with the access list or the security group?
Also, I want to ask: does it support multiple site-to-site VPNs?
Assume Site A is my place, I want to make a tunnel with Site B and Site C.
If Site B and Site C's private network also is 192.168.1.0, mask 255.255.255.0.
Please check the output of "show crypto isakmp sa"; the tunnel state should be "QM_Idle", then your tunnel is up.
Can you post the result of "show crypto ipsec sa"? Also post the VPN configurations from both ends.
Regarding your second question about overlapping networks for two different sites: here you will have to do static NAT of network 192.168.1.0/24 of one of the sites on that site's VPN device before it reaches the Hub device. If you want site B to communicate with site C, then you need to do NAT on both remote VPN devices.
Also, since you will be configuring the VPN tunnels on the outside interface of the Hub ASA device, and ASA by default does not redirect traffic on the same interface, you will have to configure
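An added example, not part of the original thread: when Phase 1 and Phase 2 complete but pings still time out, the encaps/decaps counters in the requested "show crypto ipsec sa" output show which direction of the tunnel is failing. The parser assumes the usual ASA output layout; the sample text, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of ASA "show crypto ipsec sa" output;
# the addresses are documentation ranges, not values from the thread.
SAMPLE = """\
interface: outside
    Crypto map tag: outside_map, seq num: 20, local addr: 203.0.113.1
      local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
      current_peer: 198.51.100.2
      #pkts encaps: 12, #pkts encrypt: 12, #pkts digest: 12
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

def parse_ipsec_sa(text):
    """Return one dict per SA: peer, local/remote ident, encaps, decaps."""
    sas, cur = [], None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"(local|remote) ident .*?:\s*\((.+?)/(.+?)/", line)
        if m and m.group(1) == "local":   # a local ident line opens a new SA
            cur = {"peer": None, "encaps": 0, "decaps": 0}
            sas.append(cur)
        if cur is None:
            continue                      # header lines before the first SA
        if m:
            cur[m.group(1)] = f"{m.group(2)}/{m.group(3)}"
        elif line.startswith("current_peer:"):
            cur["peer"] = line.split(":", 1)[1].split(",")[0].strip()
        for key in ("encaps", "decaps"):
            c = re.search(rf"#pkts {key}: (\d+)", line)
            if c:
                cur[key] = int(c.group(1))
    return sas

def diagnose(sa):
    """Classify the counter pattern to show which side to inspect next."""
    if sa["encaps"] == 0 and sa["decaps"] == 0:
        return "no-traffic"        # no packets in either direction yet
    if sa["decaps"] == 0:
        return "no-return"         # sent encrypted, no replies: check far end
    if sa["encaps"] == 0:
        return "no-local-encrypt"  # peer sends, local replies miss the tunnel
    return "bidirectional"         # both directions flow; look past the VPN

if __name__ == "__main__":
    for sa in parse_ipsec_sa(SAMPLE):
        print(sa["peer"], sa["local"], "->", sa["remote"], diagnose(sa))
```

Run it against the output from both ASAs: "no-return" on one side paired with "no-local-encrypt" on the other points at NAT, routing or the crypto ACL on the side that is not encrypting.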