Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
969
Views
0
Helpful
1
Replies

VPN site-to-site with ASA 5506-X (one with dynamic address)

nicolas.chaigneaud
Level 1
Level 1

‎03-28-2017 03:35 AM - edited ‎03-12-2019 02:08 AM

Hi everybody,

I'm trying to configure a site-to-site VPN tunnel between 2 ASA 5506-X but my VPN never goes up. I don't see active tunnels from ASDM.

The site A has a public static IP address connected to the interface Ge 1/1 and the site B has a dynamic public IP address connected to the interface Ge 1/1. Connectivity to Internet is good as I can ping 8.8.8.8 successfully.

I attached the config files and basic infrastructure schema. Can you please help me in finding my mistakes ?

Thanks in advance for your help

2 people had this problem
Labels:
Preview file
15 KB
Preview file
7 KB
Preview file
7 KB
0 Helpful
1 Reply 1

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-30-2017 07:22 PM

It looks good to me.  Note that VPN will only come up with traffic initiated from site b.

So if a machine (not the ASA) from site b tries to ping something at site A it doesn't work? Do a:

debug crypto isakmp
debug crypto ipsec

on site b and post the output please.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card