07-17-2015 06:44 PM
Hi,
I have a site-to-site VPN configured from a CISCO ASA 5512X to a Cisco ASR router. ASA inside network is 10.10.1.1/24 and the other end has 10.10.20.0/24. The VPN tunnel is established and the traffic flows from the ASR to the CISCO ASA, but the reverse is not working. I have attached the config; can you guys help me understand what it is I am missing?
I get an error: deny udp src SRVR_VLAN:10.10.1.5 dest:WAN_ISP:10.10.20.10 by access-group "SRVR_VLAN_acces_in"
07-18-2015 01:15 AM
nat (SRVR_VLAN,WAN-ISP) source static DM_INLINE_NETWORK_8 DM_INLINE_NETWORK_8 destination static DM_INLINE_NETWORK_3 DM_INLINE_NETWORK_3 no-proxy-arp route-lookup -----includes my inside network, outside network
nat (SRVR_VLAN,WAN-ISP) source static DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_9 destination static DM_INLINE_NETWORK_10 DM_INLINE_NETWORK_10 no-proxy-arp route-lookup
Is either of the NAT statements above the Twice NAT / NAT exempt statement for the VPN traffic? If not, then you need to add a twice NAT statement for your VPN traffic.
--
Please remember to select a correct answer and rate helpful posts
07-30-2015 12:50 PM
Hi,
Thanks for your reply. Looks like I missed the inside interface ACL. After creating the ACL, it works fine.
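A triage sketch for the deny message quoted in the first post, added here as an example and not taken from any poster's configuration or from Cisco: it parses ASA syslog 106023 lines and reports which interface ACL is dropping traffic bound for the remote VPN subnet. The subnets, interface names and ACL name come from the thread; the log lines, timestamps and ports are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Subnets from the thread (inside is written 10.10.1.1/24 there; network form assumed).
LOCAL_NET = ipaddress.ip_network("10.10.1.0/24")
REMOTE_NET = ipaddress.ip_network("10.10.20.0/24")

# ASA syslog 106023: a packet was denied by an ACL bound to an interface.
DENY_RE = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:/\d+)? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)(?:/\d+)? "
    r'.*?by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample lines (not from the poster's device).
SAMPLE_LOG = [
    'Jul 17 2015 18:40:01: %ASA-4-106023: Deny udp src SRVR_VLAN:10.10.1.5/53211 dst WAN_ISP:10.10.20.10/53 by access-group "SRVR_VLAN_acces_in" [0x0, 0x0]',
    'Jul 17 2015 18:40:03: %ASA-4-106023: Deny icmp src SRVR_VLAN:10.10.1.5 dst WAN_ISP:10.10.20.10 (type 8, code 0) by access-group "SRVR_VLAN_acces_in" [0x0, 0x0]',
    'Jul 17 2015 18:40:04: %ASA-4-106023: Deny tcp src SRVR_VLAN:10.10.1.7/40000 dst WAN_ISP:198.51.100.9/443 by access-group "SRVR_VLAN_acces_in" [0x0, 0x0]',
    'Jul 17 2015 18:40:05: %ASA-6-302013: Built inbound TCP connection 77 for WAN_ISP:10.10.20.10/50000 to SRVR_VLAN:10.10.1.5/22',
]

def vpn_denies(lines):
    """Yield parsed 106023 denies whose flow is LOCAL_NET -> REMOTE_NET."""
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # not an interface-ACL deny
        try:
            src = ipaddress.ip_address(m["src_ip"])
            dst = ipaddress.ip_address(m["dst_ip"])
        except ValueError:
            continue  # malformed address in the log line
        if src in LOCAL_NET and dst in REMOTE_NET:
            yield m.groupdict()

def blocking_acls(lines):
    """Count VPN-bound denies per (ACL name, ingress interface, protocol)."""
    return Counter((d["acl"], d["src_if"], d["proto"]) for d in vpn_denies(lines))

if __name__ == "__main__":
    for (acl, iface, proto), n in blocking_acls(SAMPLE_LOG).items():
        print(f"{n} {proto} deny(s) on {iface}: ACL {acl} lacks a permit "
              f"for {LOCAL_NET} -> {REMOTE_NET}")
```

A non-empty result points at the interface ACL as the cause, as in this thread; an empty result while traffic still fails would shift attention to the NAT exemption raised in the reply.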