07-17-2015 06:44 PM
Hi,
I have a site-to-site VPN configured from a Cisco ASA 5512X to a Cisco ASR router. The ASA inside network is 10.10.1.1/24 and the other end has 10.10.20.0/24. The VPN tunnel is established and traffic flows from the ASR to the Cisco ASA, but the reverse is not working. I have attached the config; can you guys help me understand what it is I am missing?
I get an error deny udp src SRVR_VLAN:10.10.1.5 dest:WAN_ISP:10.10.20.10 by access-group "SRVR_VLAN_acces_in"
07-18-2015 01:15 AM
nat (SRVR_VLAN,WAN-ISP) source static DM_INLINE_NETWORK_8 DM_INLINE_NETWORK_8 destination static DM_INLINE_NETWORK_3 DM_INLINE_NETWORK_3 no-proxy-arp route-lookup -----includes my inside network, outside network
nat (SRVR_VLAN,WAN-ISP) source static DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_9 destination static DM_INLINE_NETWORK_10 DM_INLINE_NETWORK_10 no-proxy-arp route-lookup
Are either of the NAT statements above the Twice NAT / NAT exempt statements for the VPN traffic? If not then you need to add a twice NAT statement for your VPN traffic.
--
Please remember to select a correct answer and rate helpful posts
07-30-2015 12:50 PM
Hi,
Thanks for your reply. Looks like I had missed the inside interface ACL. After creating the ACL, it works fine.
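
The deny in the original error and the fix reported above can be reproduced offline. The following is an added example, not part of the thread and not the poster's configuration: a small first-match evaluator for ASA-style extended ACL lines, run against the packet from the error message. The ACL entries in `BEFORE` and `AFTER` are constructed for illustration; only the ACL name and the addresses come from the thread.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST'.
    Subset of ASA syntax: 'any', 'host A', or 'ADDR MASK'; no port qualifiers."""
    tok = line.split()
    action, proto, rest = tok[3], tok[4], tok[5:]
    nets = []
    while rest:
        if rest[0] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            rest = rest[1:]
        elif rest[0] == "host":
            nets.append(ipaddress.ip_network(rest[1] + "/32"))
            rest = rest[2:]
        else:  # address followed by a dotted subnet mask
            nets.append(ipaddress.ip_network(f"{rest[0]}/{rest[1]}"))
            rest = rest[2:]
    return action, proto, nets[0], nets[1]

def evaluate(acl_lines, proto, src, dst):
    """Return the action of the first matching entry, else the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_lines:
        action, ace_proto, s_net, d_net = parse_ace(line)
        if ace_proto in ("ip", proto) and src in s_net and dst in d_net:
            return action
    return "deny"  # every ACL ends with an implicit deny

# Constructed ACL contents (the thread does not show the real entries).
BEFORE = [
    "access-list SRVR_VLAN_acces_in extended permit tcp 10.10.1.0 255.255.255.0 any",
]
# Constructed entry permitting the local subnet to the remote VPN subnet.
AFTER = BEFORE + [
    "access-list SRVR_VLAN_acces_in extended permit ip "
    "10.10.1.0 255.255.255.0 10.10.20.0 255.255.255.0",
]

if __name__ == "__main__":
    # Packet from the error message: udp 10.10.1.5 -> 10.10.20.10
    for name, acl in (("before", BEFORE), ("after", AFTER)):
        print(name, evaluate(acl, "udp", "10.10.1.5", "10.10.20.10"))
```

Traffic arriving on the SRVR_VLAN interface is checked against that interface's inbound access-group, so a missing permit for the remote subnet produces the deny even when the tunnel and NAT exemption are correct.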