
site-to-site Issue with Cisco ASA on AWS

pinkfloyd1272
Level 1

Hi Community, 

 

Please let me know if this is the appropriate place for my issue or if it needs to be moved.

 

I've configured a Cisco ASA on AWS. This appliance has 3 networks (mgmt - inside - outside); those interfaces have source/dest check disabled, and the outside interface has an EIP (elastic public IP from AWS) assigned.


I found an issue trying to create a site-to-site tunnel with a collaborator: the tunnel fails using my EIP, and this person was forced to configure the private gw address of my outside interface as the remote peer to have the tunnel up and running, since he was receiving this log in his appliance:

"Peer\'s ID payload 172.16.253.253 (type ipaddr) does not match a configured IKE gateway" (message from his side)

 
I deployed another ASA trying to duplicate this situation, generating a site-to-site tunnel between my deployed ASAs, but I wasn't able to duplicate it, since my second ASA sees the correct remote peer (EIP from AWS - on outside interface).

Since I'm a rookie, I'm wondering if you had a similar experience, and whether it's something wrongly configured on my side that needs to be remediated or it's completely normal behavior. It was weird for me to see my collaborator's logs showing my private gw IP address instead of my EIP.

 

Regards

 

 
