Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
463
Views
0
Helpful
2
Replies

Site to Site Tunnel between ASA and Cisco Router - route issue !

Ganesan Palaniappan
Level 1
Level 1

ā€Ž01-08-2013 10:48 AM - edited ā€Ž03-11-2019 05:44 PM

Hi Friends,

Let me explain about my setup with a block diagram.

Having a Firewall with two different Service Provider internet Link. Having a default route for the ISP 1 and static route for the ISP 2 depends on  the requirement.

Now we are building a Site to Site tunnel between our ASA and customer Router and we are planning to build that via ISP 2 Link. And also we don't want any NAT between the LAN IP Address. ( ie My LAN is 10.10.10.0/24 and Customer is 192.168.10.0/24)

We had a static route in our Firewall for the Customer Peer IP Address and created Interested Traffic list also. As we don't have NAT control enabled we thought no need to configure (nat 0 access-list XXX).

Now the tunnel is showing up from My End and also from Customer end but ..in my ASA i am able to see only decaps numbers and encaps is Zero. More Over i am not able to send any traffic to customer LAN.

Where is the exact issue and still what are the configuration i need to modify to make it as Successful.

Regards,

GanAlagu

Labels:
Preview file
30 KB
0 Helpful
2 Replies 2

shamax_1983
Level 3
Level 3

ā€Ž01-08-2013 03:09 PM

Hi Gan,

Try adding this route to the configs on the ASA like this

route nameifISP2 192.168.10.0 255.255.255.0 ISP2

Please rate this post if helpful.

Thanks

Shamal

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni

ā€Ž01-08-2013 04:59 PM

Hello Ganesan,

Please share the configuration you have please, ( Entire one) Use random ip addresses for the VPN peer and your Ip addresses so we can understand and provide you an accurate solution while being secure

Regards

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card