11-24-2010 08:51 AM
ASA 1 with VPN to ASA 2. Private WAN behind ASA 2 that I can't seem to reach from ASA 1. Has to be something obvious I'm missing, as I can talk ASA to ASA and ASA1 can talk to WAN....
Map attached. Sanitized configs....
ASA 1
ASA Version 7.2(4)
!
interface Vlan1
nameif inside
security-level 100
ip address 10.0.72.1 255.255.248.0
!
access-list 100 extended permit ip 10.0.72.0 255.255.248.0 10.0.0.0 255.255.248.0
access-list 100 extended permit ip 10.0.72.0 255.255.248.0 10.0.16.0 255.255.248.0
access-list nonat extended permit ip 10.0.72.0 255.255.248.0 10.0.0.0 255.255.248.0
access-list nonat extended permit ip 10.0.72.0 255.255.248.0 10.0.16.0 255.255.248.0
access-list 102 extended permit udp any any eq isakmp
access-list 102 extended permit esp any any
access-list 102 extended permit icmp any any
!
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group 102 in interface outside
route outside 0.0.0.0 0.0.0.0 68.x.x.1 1
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto map outside_map 20 match address 100
crypto map outside_map 20 set peer 72.x.x.210
crypto map outside_map 20 set transform-set myset
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 20
!
tunnel-group 72.x.x.210 type ipsec-l2l
tunnel-group 72.x.x.210 ipsec-attributes
pre-shared-key *
11-24-2010 09:39 AM
The Cisco router on the WAN side having IP address 10.0.16.1/21 should either have the route to 10.0.72.0 pointing towards 10.1.1.1/30 or should have the default route pointing towards 10.1.1.1/30.
The Cisco router having ip address 10.1.1.1/30 should either have the route for 10.0.72.0 towards ASA 10.0.0.56 or its default gateway should be towards ASA.
Please check the routing on the internal network (WAN) for 10.0.72.0 if the tunnel is up.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide