01-24-2022 02:53 AM
hello,
i have two asa 5506 and i wanted to configure a vpn sas.
i used the wizard and cli but not working, i don't find any thing on the logs.
any help please.
Solved! Go to Solution.
01-24-2022 03:04 AM
First need to check, Are you able to reach ASA to ASA before you process to Site to Site VPN.
post the config of both ASA here.
You can find example and troubleshoot tips :
https://www.petenetlive.com/KB/Article/0001429
01-24-2022 03:04 AM
First need to check, Are you able to reach ASA to ASA before you process to Site to Site VPN.
post the config of both ASA here.
You can find example and troubleshoot tips :
https://www.petenetlive.com/KB/Article/0001429
01-24-2022 08:48 AM
01-24-2022 08:21 AM
Hello,
hard to say what is missing, since your probably used the ASDM VPN Wizard.
The Wizard has a summary screen (.7 in the attached document), can you post a screenshot of that ?
01-24-2022 08:52 AM
Just out of curiosity, how did you resolve this, what was the issue ?
01-24-2022 12:00 PM
the problem don't resolved yet
01-24-2022 12:14 PM
Hello,
I would suggest not marking the question as 'resolved' if it is actually not. The reason is that once you do, nobody will look at it anymore because the assumption is that it is.
01-25-2022 12:25 AM
thank you,
sorry i think i clicked on Accept as Solution with no purpose.
01-25-2022 01:17 AM
Hello,
no big deal. I am not a moderator or anything, it just helps you to mark anything as resolved when it actually is resolved. People usually skip resolved posts, as they assume the problem is...well...resolved.
Either way, did changing the NAT exemption from 'inside_2' to 'inside' change anything ?
01-25-2022 01:23 AM
ok, thank you i appreciate that.
nope nat command didn't change anything
01-24-2022 12:21 PM
Hello,
I think the NAT exemption statement on your asa1 might be wrong. Change:
nat (inside_2,outside) source static local local destination static remote remote no-proxy-arp route-lookup
to
nat (inside,outside) source static local local destination static remote remote no-proxy-arp route-lookup
so the inside interface reflects the BDI.
01-25-2022 01:23 AM
no sir this didn't work
01-25-2022 01:51 AM
Hello,
are these 5506-X ASAs ? I think the BVI is the default configuration for these devices (starting from 9.7). Do you really need the BVI ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide