cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
604
Views
0
Helpful
2
Replies
mirage__SK
Beginner

Asa 5510 Remote access VPN issue

Hi all!!!

I need organize 2 type of access between 2 asa 5510 - site 2 site and Remote access. VPN Peers are same for both situation.

One of peers has IP address 1.1.1.1 and another has 2.2.2.2 ( sw version 9.1(3) )

peer 1.1.1.1 has 192.168.1.0/24 network and peer 2.2.2.2 has 172.16.1.0/24 (interface inside) and 172.16.2.0/24 (interface DMZ).

Need following configuretion:

192.168.1.0/24  must have access to 172.16.1.0/24 via Site 2 Site VPN

also 192.168.0.24 need access to 172.16.2.0/24 via RA vpn.

When I configure ONLY ONE TYPE VPN Tunnel, it works, but I need BOTH TYPE VPN at same time.

In Log windew I see following errors:

%ASA-6-713905: Group = UserGroup, Username = User, IP = A.A.A.A,    Skipping dynamic map SYSTEM_DEFAULT_CRYPTO_MAP sequence 65535: cannot    match peerless map when peer found in previous map entry.

%ASA-3-713061:    Group = UserGroup, Username = User, IP = A.A.A.A, Rejecting IPSec    tunnel: no matching crypto map entry for remote proxy   172.16.2.0/255.255.255.0//0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on    interface outside

2.2.2.2 Asa upgrade done short time ago, there was sw 8.2(x) verson before, and both VPN was worked correctly, after upgrade I have reseived erros above.

How can I solve this issue? (SSL VPN not a solution, IPSEC is required).

Thanks in advance.

2 REPLIES 2
mirage__SK
Beginner

No ideas ?

mirage__SK
Beginner

Solved.

Static Nat is solution.

I have created rule as follows:

nat (inside,outside) source static 192.168.1.0_24  2.2.2.2 destination static 172.16.1.0_24 172.16.1.0_24 no-proxy-arp

Content for Community-Ad