Cisco Support Community

New Member

VPN Tunnel is not up

Hello Expert:

I'm having an issue with an L2L VPN: after the configuration is done, I am still not able to see the tunnel up from both remote sites.

Here is the recap:

ArizonaFWL: inside: 10.20.15.0/24

                        outside: 65.244.227.18/28

DenverFWL: inside: 10.20.7.0/24

                       outside: 65.102.216.130/28

Attached is the configuration for both FWLs. Any help will be greatly appreciated.

Thx,

-HP

2 REPLIES
Super Bronze

Hi,


On a quick glance it would seem to me that you at least lack the NAT0 configurations for these 2 sites' LAN networks on both devices.

 

If the NAT0 is not performed, or more specifically if the traffic between these sites is not exempted from NAT with the NAT0 configuration, then the traffic won't match the L2L VPN configuration and the tunnel negotiation won't even start.

 

So I would suggest adding the following configurations and testing again. Both ACL lines are added to the already existing ACL named "nonat" that is used in the "nat (inside) 0 access-list nonat" configuration.

 

DENVER

access-list nonat extended permit ip 10.20.7.0 255.255.255.0 10.20.15.0 255.255.255.0

 

ARIZONA

access-list nonat extended permit ip 10.20.15.0 255.255.255.0 10.20.7.0 255.255.255.0

 

If this does not help then we will have to look at the situation a bit closer.

 

Hope this helps :)

 

- Jouni
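A small check for the symmetry the reply above describes, as an added example that is not part of the original thread: it parses the "nonat" ACL from each firewall's configuration and reports when one side lacks the NAT-exemption entry that mirrors the other. The function names and the mistyped sample line are constructed for illustration, and only the subnet-and-mask form of ACL entry is handled.

```python
import ipaddress
import re

# Matches "access-list <name> extended permit ip <src> <mask> <dst> <mask>".
# Entries written with "host" or "any" are not handled by this example.
QUAD = r"(\d+\.\d+\.\d+\.\d+)"
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+"
    + r"\s+".join([QUAD] * 4) + r"\s*$"
)

def parse_acl(config, acl_name):
    """Return the set of (source, destination) networks permitted by acl_name."""
    pairs = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == acl_name:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            pairs.add((src, dst))
    return pairs

def check_nat0(local_cfg, remote_cfg, local_lan, remote_lan, acl_name="nonat"):
    """List problems with the NAT0 entries for one site pair (empty list = OK)."""
    local_lan = ipaddress.ip_network(local_lan)
    remote_lan = ipaddress.ip_network(remote_lan)
    problems = []
    if (local_lan, remote_lan) not in parse_acl(local_cfg, acl_name):
        problems.append(f"local side lacks {local_lan} -> {remote_lan}")
    if (remote_lan, local_lan) not in parse_acl(remote_cfg, acl_name):
        problems.append(f"remote side lacks mirrored {remote_lan} -> {local_lan}")
    return problems

# Constructed sample configs: the two ACL lines from the reply, plus a
# deliberately mistyped copy of the Arizona line to show a failure.
DENVER = "access-list nonat extended permit ip 10.20.7.0 255.255.255.0 10.20.15.0 255.255.255.0"
ARIZONA = "access-list nonat extended permit ip 10.20.15.0 255.255.255.0 10.20.7.0 255.255.255.0"
ARIZONA_TYPO = "access-list nonat extended permit ip 10.20.15.0 255.255.255.0 10.20.17.0 255.255.255.0"

if __name__ == "__main__":
    print(check_nat0(DENVER, ARIZONA, "10.20.7.0/24", "10.20.15.0/24"))
    print(check_nat0(DENVER, ARIZONA_TYPO, "10.20.7.0/24", "10.20.15.0/24"))
```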

New Member

Thx for your reply. 

After I added these two lines and ran show crypto, I still do not see the VPN IP addresses on both sides.

I have already done remap crypto but the issue remains the same.

Do you know if I have missed anything else besides the ACL lines above?

 
