
Cisco ASA 9.1 Site to site VPN

shamsul77
Level 1

Hi All

Currently I'm trying to establish a site-to-site VPN connection between my two ASAs (9.1). I ran the site-to-site VPN wizard, and after setup completed I do not see any active VPN session in the monitoring window. I do not see any session on either Cisco ASA. Attached is the screenshot of my ASA ASDM.

Below are the details of my ASAs:

ASA 1

Outside interface: 50.235.136.XXX

Inside interface: 192.168.2.3

Local network which I want to allow to connect

Local Network: 192.168.1.0 / 255.255.255.0

Remote network which I want to connect

Remote Network: 10.0.0.0 / 255.0.0.0

ASA 2

Outside interface: 208.97.252.XXX

Inside interface: 10.5.0.3

Local network which I want to allow to connect

Local Network: 10.0.0.0 / 255.0.0.0

Remote network which I want to connect

Remote Network: 192.168.1.0 / 255.255.255.0

############################################################################

Basically my network is laid out as below

Core switch (L3) for office 1 (Cisco ASA1):

VLAN 100: 192.168.1.0 / 255.255.255.0 (DHCP)

VLAN 101: 192.168.2.0 / 255.255.255.0 (Static)

Cisco ASA1 connected to Core switch on VLAN 101

Core switch (L3) for office 2 (Cisco ASA 2):

VLAN 100: 10.0.52.0 / 255.255.255.0 (DHCP)

VLAN 101: 10.2.55.0 / 255.255.255.0 (DHCP)

VLAN 102: 10.5.0.3 / 255.255.255.0 (Static)

Cisco ASA2 connected to Core switch on VLAN 103

From ASA2 I want to connect to the network on Cisco ASA1, and from ASA1 to the ASA2 network.
#####################################################################

InfinityASA# sh crypto isakmp sa

There are no IKEv1 SAs

There are no IKEv2 SAs

Please do let me know if anything is wrong here so that I can correct it. Thank you for the help.

18 Replies

Wohooooo... I solved the issue.. Thanks for your guide buddy.. really appreciated.

You're welcome


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Also on ASA 1, the crypto map ACL is based only on 192.168.2.0/24. You're missing the 192.168.1.0/24. Add it to the ACL.

access-list ouside_cryptomap extended permit ip 192.168.2.0 255.255.255.0 object NETWORK_OBJ_10.0.0.0_8


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
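
The crypto ACLs on the two peers have to mirror each other, which is the mismatch the reply above points at. The following is an added example, not part of the thread: it parses two ASA configs and reports entries that have no reversed counterpart on the other peer. Both configs are constructed from the networks in the original post, and the ASA 2 ACL and object names are hypothetical.

```python
import ipaddress
import re

# Constructed sample configs built from the networks given in the thread.
# ASA 1 as the reply describes it: crypto ACL covers only 192.168.2.0/24.
ASA1 = """\
object network NETWORK_OBJ_10.0.0.0_8
 subnet 10.0.0.0 255.0.0.0
access-list ouside_cryptomap extended permit ip 192.168.2.0 255.255.255.0 object NETWORK_OBJ_10.0.0.0_8
"""
# ASA 2: ACL and object names are hypothetical; networks are from the post.
ASA2 = """\
object network NETWORK_OBJ_192.168.1.0_24
 subnet 192.168.1.0 255.255.255.0
access-list asa2_cryptomap extended permit ip 10.0.0.0 255.0.0.0 object NETWORK_OBJ_192.168.1.0_24
"""

def parse_objects(config):
    """Map each 'object network NAME' to the subnet defined under it."""
    found = re.findall(r"^object network (\S+)\n\s+subnet (\S+) (\S+)", config, re.M)
    return {name: ipaddress.ip_network(f"{net}/{mask}") for name, net, mask in found}

def crypto_pairs(config, acl_name):
    """Return the (source, destination) networks the named ACL permits."""
    # Assumption: operands are 'NETWORK MASK' or 'object NAME' only
    # (no 'any', 'host' or object-group entries in the crypto ACL).
    objs = parse_objects(config)
    pairs = set()
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] != ["access-list", acl_name, "extended", "permit", "ip"]:
            continue
        tok, nets = tok[5:], []
        while len(tok) >= 2 and len(nets) < 2:
            nets.append(objs[tok[1]] if tok[0] == "object"
                        else ipaddress.ip_network(f"{tok[0]}/{tok[1]}"))
            tok = tok[2:]
        if len(nets) == 2:
            pairs.add(tuple(nets))
    return pairs

def mirror_mismatches(local, remote):
    """Return (pairs only the local peer has, pairs the local peer is missing)."""
    expected = {(dst, src) for src, dst in remote}
    return sorted(local - expected, key=str), sorted(expected - local, key=str)

if __name__ == "__main__":
    a1, a2 = crypto_pairs(ASA1, "ouside_cryptomap"), crypto_pairs(ASA2, "asa2_cryptomap")
    print(mirror_mismatches(a1, a2))
```

With the sample input, the second list contains 192.168.1.0/24 -> 10.0.0.0/8, the entry the reply says is missing on ASA 1.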

Can you please advise how to check site-to-site VPN connection status? When I try to execute the below command it does not show anything except the below output:

CISCOASA5508-X# show crypto ipsec sa

There are no ipsec sas
CISCOASA5508-X# sh crypto isakmp sa

There are no IKEv1 SAs

There are no IKEv2 SAs
