Can't ping inside interface Site-to-Site VPN

Hi,

I have configured a site-to-site VPN between two sites: A and B.

Site B (172.19.16.0/20) can't ping the inside interface of the Site_B's firewall (192.168.13.254)

Can you help me set the inside interface (192.168.13.254) as pingable?

Result of the command: "show running-config"

: Saved

:

ASA Version 9.1(1)

!

hostname asasba

enable password 9U./y4ITpJEJ8f.V encrypted

xlate per-session deny tcp any4 any4

xlate per-session deny tcp any4 any6

xlate per-session deny tcp any6 any4

xlate per-session deny tcp any6 any6

xlate per-session deny udp any4 any4 eq domain

xlate per-session deny udp any4 any6 eq domain

xlate per-session deny udp any6 any4 eq domain

xlate per-session deny udp any6 any6 eq domain

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.13.254 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 192.168.1.254 255.255.255.0

!

boot system disk0:/asa911-k8.bin

ftp mode passive

clock timezone CET 1

object network obj_any

subnet 0.0.0.0 0.0.0.0

object network vpn_inside_site_a

subnet 192.168.13.0 255.255.255.0

object network vpn_inside_site_b_172.19.16.0_20

subnet 172.19.16.0 255.255.240.0

object network vpn_inside_b_2

subnet 172.18.8.0 255.255.248.0

object network vpn_inside_site_b_3

subnet 172.18.16.0 255.255.248.0

object network vpn_inside_site_b_172.18.32.0_19

subnet 172.18.32.0 255.255.255.240

object network vpn_inside_site_b_172.18.8.0_21

subnet 172.18.8.0 255.255.248.0

object-group protocol TCPUDP

protocol-object udp

protocol-object tcp

object-group network DM_INLINE_NETWORK_1

network-object object vpn_inside_site_b_172.19.16.0_20

network-object object vpn_inside_site_b_172.18.8.0_21

network-object object vpn_inside_site_b_172.18.32.0_19

object-group network DM_INLINE_NETWORK_2

network-object object vpn_inside_site_a

network-object object vpn_inside_site_b_172.18.32.0_19

network-object object vpn_inside_site_b_172.18.8.0_21

network-object object vpn_inside_site_b_172.19.16.0_20

network-object object vpn_inside_site_b_3

object-group network DM_INLINE_NETWORK_3

network-object object vpn_inside_site_a

network-object object vpn_inside_site_b_172.18.32.0_19

network-object object vpn_inside_site_b_172.18.8.0_21

network-object object vpn_inside_site_b_172.19.16.0_20

network-object object vpn_inside_site_b_3

access-list inside_access_in extended permit ip any any

access-list outside_cryptomap extended permit ip object vpn_inside_site_a object-group DM_INLINE_NETWORK_1

access-list outside_access_in extended permit ip any any

pager lines 24

logging enable

logging console informational

logging buffered debugging

logging asdm debugging

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

icmp permit any inside

icmp permit any outside

asdm image disk0:/asdm-711-52.bin

asdm history enable

arp timeout 14400

no arp permit-nonconnected

nat (any,any) source static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 destination static DM_INLINE_NETWORK_3 DM_INLINE_NETWORK_3 no-proxy-arp

nat (inside,outside) source static vpn_inside_site_a vpn_inside_site_a destination static vpn_inside_site_b_172.19.16.0_20 vpn_inside_site_b_172.19.16.0_20 no-proxy-arp route-lookup

nat (inside,outside) source static any any destination static vpn_inside_site_b_172.19.16.0_20 vpn_inside_site_b_172.19.16.0_20 no-proxy-arp route-lookup

nat (any,any) source static vpn_inside_site_a vpn_inside_site_a destination static vpn_inside_site_b_172.19.16.0_20 vpn_inside_site_b_172.19.16.0_20 no-proxy-arp

nat (any,any) source static vpn_inside_site_b_172.19.16.0_20 vpn_inside_site_b_172.19.16.0_20 destination static vpn_inside_site_a vpn_inside_site_a no-proxy-arp

!

object network obj_any

nat (inside,outside) dynamic interface

!

nat (inside,outside) after-auto source dynamic any interface

access-group inside_access_in in interface inside

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 192.168.1.1 1

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

http server enable

http 0.0.0.0 0.0.0.0 inside

http 0.0.0.0 0.0.0.0 outside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport

crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport

crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport

crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport

crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport

crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport

crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport

crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport

crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport

crypto ipsec ikev2 ipsec-proposal AES256

protocol esp encryption aes-256

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES192

protocol esp encryption aes-192

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES

protocol esp encryption aes

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal 3DES

protocol esp encryption 3des

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal DES

protocol esp encryption des

protocol esp integrity sha-1 md5

crypto ipsec security-association pmtu-aging infinite

crypto map outside_map 1 match address outside_cryptomap

crypto map outside_map 1 set peer Site_B_Public_IP

crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES

crypto map outside_map 1 set ikev2 pre-shared-key *****

crypto map outside_map 1 set validate-icmp-errors

crypto map outside_map interface outside

crypto ca trustpool policy

crypto ikev2 policy 1

encryption 3des

integrity md5

group 2

prf md5

lifetime seconds 86400

crypto ikev2 policy 30

encryption 3des

integrity sha

group 5 2

prf sha

lifetime seconds 86400

crypto ikev2 policy 40

encryption des

integrity sha

group 5 2

prf sha

lifetime seconds 86400

crypto ikev2 enable inside

crypto ikev2 enable outside

crypto ikev1 enable inside

crypto ikev1 enable outside

crypto ikev1 policy 1

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto ikev1 policy 100

authentication crack

encryption 3des

hash sha

group 2

lifetime 86400

crypto ikev1 policy 110

authentication rsa-sig

encryption 3des

hash sha

group 2

lifetime 86400

crypto ikev1 policy 120

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

telnet 0.0.0.0 0.0.0.0 inside

telnet 0.0.0.0 0.0.0.0 outside

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 inside

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 5

console timeout 0

dhcpd auto_config outside

!

dhcpd address 192.168.13.100-192.168.13.227 inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics host

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

group-policy GroupPolicy_Site_B_Public_IP internal

group-policy GroupPolicy_Site_B_Public_IP attributes

vpn-tunnel-protocol ikev1 ikev2

username aaaaa password 8tvZ.dnj3Qi0cBv5 encrypted privilege 15

tunnel-group Site_B_Public_IP type ipsec-l2l

tunnel-group Site_B_Public_IP general-attributes

default-group-policy GroupPolicy_Site_B_Public_IP

tunnel-group Site_B_Public_IP ipsec-attributes

ikev1 pre-shared-key *****

isakmp keepalive disable

ikev2 remote-authentication pre-shared-key *****

ikev2 local-authentication pre-shared-key *****

!

!

!

policy-map global-policy

class class-default

  user-statistics accounting

!

service-policy global-policy global

pop3s

server pop.gmail.com

default-group-policy DfltGrpPolicy

smtps

port 587

server smtp.gmail.com

default-group-policy DfltGrpPolicy

prompt hostname context

no call-home reporting anonymous

Cryptochecksum:253c1ca11ee52b6a6a4bf5e33153f275

: end

Can you please help me?

9 Replies

Jouni Forss
VIP Alumni

Hi,

Normally you aren't able to ICMP an ASA interface from behind another interface.

To my understanding the only exception to this rule is connections coming through VPN connections.

In this case you would require the "management-access inside" configuration on the ASA.

- Jouni

Yes, the connections are coming through the VPN, and I would like to enable all machines that belong to the Site_B VPN to ping the inside interface of the Site_A router (192.168.67.254).

Sorry, I did not understand: require "management-access inside" configuration on the ASA??

Can you please explain to me what I have to do?

Thank you in advance!

Hi,

By default the ASA doesn't allow connecting from a host behind one interface to another interface.

For example, hosts behind "inside" can't ping the "outside" interface, and hosts behind the "outside" interface can't ping the "inside" interface.

The only exception to this rule is connections coming through VPN connections.

To enable connections to reach the "inside" interface of the ASA from an L2L VPN connection you need to add the configuration command "management-access inside" to the ASA.

Here is the link to the ASA Command Reference explaining the command:

http://www.cisco.com/en/US/docs/security/asa/asa91/command/reference/m1.html#wp2112283

- Jouni
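As an added example (not from the thread and not Cisco's code), a small Python checker that reads an ASA running-config like the one posted above and reports, for a given nameif, the two conditions the answers above rest on: a "management-access" command naming that interface, and the interface IP falling inside the local (source) side of the crypto-map ACL, without which the peer never sends the echo into the tunnel. The config excerpt is a constructed reduction of the posted one, and the checker assumes the crypto ACL source is written as "object <name>" as in the posted config (object-groups on the source side are not expanded).

```python
import ipaddress
import re

# Constructed excerpt of the running-config posted in the thread, cut down to
# the lines the check needs. As on the posted ASA, no "management-access" yet.
ASA_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.13.254 255.255.255.0
interface Vlan2
 nameif outside
 ip address 192.168.1.254 255.255.255.0
object network vpn_inside_site_a
 subnet 192.168.13.0 255.255.255.0
object network vpn_inside_site_b_172.19.16.0_20
 subnet 172.19.16.0 255.255.240.0
access-list outside_cryptomap extended permit ip object vpn_inside_site_a object-group DM_INLINE_NETWORK_1
crypto map outside_map 1 match address outside_cryptomap
"""

def check_vpn_ping(cfg, nameif):
    """For far-side L2L VPN hosts to ping interface `nameif`, it needs an IP,
    a 'management-access <nameif>' command, and an IP inside the local
    (source) side of the crypto-map ACL. Returns the findings as a dict."""
    lines = cfg.splitlines()
    ifaces, objs, name, cur = {}, {}, None, None
    for ln in lines:
        if ln.startswith("interface "):       # new interface block
            name = None
        if ln.startswith("object network "):  # new network object block
            cur = ln.split()[2]
        if m := re.match(r"\s*nameif (\S+)", ln):
            name = m.group(1)
        elif (m := re.match(r"\s*ip address (\S+) (\S+)", ln)) and name:
            ifaces[name] = ipaddress.ip_address(m.group(1))
        elif (m := re.match(r"\s*subnet (\S+) (\S+)", ln)) and cur:
            objs[cur] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    ip = ifaces.get(nameif)
    result = {"ip": str(ip) if ip else None, "management_access": False, "in_crypto_acl": False}
    if ip is None:
        return result
    result["management_access"] = any(ln.strip() == f"management-access {nameif}" for ln in lines)
    # ACL names bound to crypto maps; their source side is what the peer may reach.
    acls = {ln.split()[-1] for ln in lines if ln.startswith("crypto map ") and " match address " in ln}
    for ln in lines:
        m = re.match(r"access-list (\S+) extended permit ip object (\S+) ", ln)
        if m and m.group(1) in acls and m.group(2) in objs and ip in objs[m.group(2)]:
            result["in_crypto_acl"] = True
    return result
```

On the posted config this reports the inside IP already covered by the crypto ACL (192.168.13.254 sits in vpn_inside_site_a) but management-access missing, which matches the diagnosis above.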

The Site_B IT is not here to execute a ping test.

Can I say that it is OK with this packet-tracer parameter?

Thank you!

Hi,

You should test it from an actual host. The ASA "packet-tracer" doesn't simulate VPN traffic all that well when the traffic is entering from a VPN connection.

What is the IP address 192.168.67.254?

I can't see the IP address 192.168.13.254, which to my understanding was the IP address you were supposed to be pinging.

- Jouni

Sorry again! 192.168.67.254 is the inside interface IP of another router that had the same problem, and I tried your solution on it. It has exactly the same configuration, except the VPN inside subnet.

OK, thank you for the remark about "packet-tracer"; I will check the pings with the Site_B IT, and I will tell you the result.

Also,

Now that I read the original post again it seems to me that there is probably some typo here.

Site B (172.19.16.0/20) can't ping the inside interface of the Site_B's firewall (192.168.13.254)

You say in the above that the Site B network needs to ping Site B firewall "inside" interface IP address.

If you actually mean that you need to ping an ASA interface IP address on the same site, then the reason the ICMP wouldn't be working is that I can't see any "route" command for the network 172.19.16.0/20.

Then again your configuration seems to hint that the network 172.19.16.0/20 would be located at Site A?

- Jouni

Oops, sorry, I meant:

Site B (172.19.16.0/20) can't ping the inside interface of the Site_A's firewall (192.168.13.254).
