02-08-2016 06:19 PM - edited 03-12-2019 12:15 AM
Hi All,
I have been working on two ASA550s trying to get the site to site working I get no output at all.
sh crypto isakmp sa
There are no IKEv1 SAs
There are no IKEv2 SAs
I have followed all guides etc but nothing seems to work. My set up is a 1841 router in between the two ASA 5550s connecting the two outside interfaces, Site A connects to a switch on the inside interface and site B connects to my laptop on the inside interface.
No reason why this shouldn't suffice right.
Configs attached. Code running is 8.4.7 (29)
I can't see any issues but would appreciate it if anyone could point any out.
Thanks
Alex
02-08-2016 06:30 PM
On site b change this:
access-list VPN extended permit ip object Site_B object Site_A
access-list VPN extended permit icmp object Site_B object Site_A
access-list VPN extended permit ip object Site_A object Site_B
to:
access-list VPN extended permit ip object Site_B object Site_A
On site a change this:
access-list VPN extended permit ip object Site_Aobject Site_B
access-list VPN extended permit icmp object Site_Aobject Site_B
access-list VPN extended permit ip object Site_B object Site_A
to:
access-list VPN extended permit ip object Site_A object Site_B
02-08-2016 06:33 PM
Do the pre-shared keys definitely match?
I'm not sure you can ping the firewalls inside interface on the remote side. Try pinging the switch behind it or another machine.
If still not working, post the output while trying to do a ping:
debug crypto ikev1 (or if running old code "debug crypto isakmp")
debug crypto ipsec
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide