Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I set up a tunnel from an ASA called SALMONARM to a Cisco 1921 called PG-1921.I bring up the tunnel by sending some "interesting traffic".From PG-1921, I run show crypto isakmp sa, and an entry for the tunnel is present, with status ACTIVE. I do the ...
I have two ASAs.The first one gets its WAN IP via DHCP. The second one is static. Therefore my aim is a dynamic tunnel.Here is the configuration for the first: http://pastebin.com/raw.php?i=guGPmjEUAnd the second: http://pastebin.com/raw.php?i=djsPsb...
I'm trying to set up a site-to-site VPN tunnel between an ASA 5505 (which gets it's WAN IP via DHCP), and a Cisco 1921 (which has a static WAN IP).So since the ASA gets its IP dynamically, I'm trying to create a dynamic tunnel. ASA 5505 config: http:...
I have two routers, an ASA 5505 and a Cisco 1921.Here are the configs:ASA http://pastebin.com/raw.php?i=sNXw45Ci1921 http://pastebin.com/raw.php?i=mrPfdbnKASA inside subnet is 10.45.0.0/161921 inside subnet is 10.70.0.0/16Here is the debug output on ...
I have an ASA 5505 (config) and I can SSH to the device when I'm on the inside network, but not from the internet using the IP of the outside interface.Why not?The solution was: the client was confidently telling me the wrong outside IP address. With...
No, there are no routers behind the ASA.Yes, I am pinging from the ASA itself, in the fashion ping inside 10.70.4.17.Although, I hadn't run the command management-access inside. So, I ran it and tried to ping again.And it seems that now I can ping ac...
Hi William.Yes, the traffic to 10.45.0.0, from the 1921, should be going out the primary ISP interface, the same interface the tunnel should be established over.Hmm. Sounds like the problem happens before that point however: why is there no encaps on...
I added the ACL like you suggested, however the issue persisted. I ended up giving Cisco support a call, and this is what ended up being the final bit that got it working. Although I'm not entirely sure why.Thanks for all your help. I really apprecia...
I ran the following on VMON-ASA:
no crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
Then I sent some interesting traffic and the tunnel came up!
Thank you!!
No, because "crypto map ___ 21" on the second ASA references that access-list. And crypto map 21 is a static map. This tunnel we're discussing is dynamic. Any other ideas?
.png "Mike Williams"){kind=avatar}
