Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
293
Views
0
Helpful
2
Replies

ASA to Cisco ISR VPN

nelson-rick
Level 1
Level 1

‎12-18-2014 01:07 PM - edited ‎03-05-2019 12:25 AM

I am having a problem with my VPN tunnel from ASA to ISR.  I just want to assign one ip on my Cisco ISR side to 192.168.96.48 and allow it to only access 192.168.96.101 & 192.168.96.102 on the ASA side.  I also need this tunnel to be bidirectional.

Any assistance would be greatly appreciated.

This is what I tried but no luck.

route-map nonat permit 10
match ip address 134

access-list 134 permit ip  host 192.168.1.244 host 192.168.96.101

access-list 134 permit ip host  192.168.1.244 host 192.168.96.102
ip nat pool ah_pool 192.168.96.48 192.168.96.48 netmask 255.255.255.252
ip nat inside source route-map nonat  pool ah_pool overload

ip nat inside source static 192.168.1.244 192.168.96.101 route-map nonat

ip nat inside source static 192.168.1.245 192.168.96.102 route-map nonat

 

 

Labels:
0 Helpful
2 Replies 2

ghostinthenet
Level 7
Level 7

‎12-19-2014 08:41 AM

Can you post the relevant ISAKMP, IPSec, crypto map and tunnel group settings (feel free to scrub actual addresses and keys) from your ASA? It's a lot easier if we work backwards from what you have.

0 Helpful

nelson-rick
Level 1
Level 1
In response to ghostinthenet

‎12-19-2014 02:20 PM

Sorry for the confusion but I have to create a tunnel with one of my servers (192.168.1.?) using 192.168.96.48 connecting over VPN to 192.168.96.101 & 102. 

In the ASA this is simple but I am not sure how to do this on the ISR.  I don't control the ASA.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card