IPSec L2L VPN Remote peer is being denied

We are trying to add an additional LAN-to-LAN IPsec VPN to our network. We currently have one remote office connected; when we configure the second VPN matching the first, the tunnel never begins to establish. There is an ACL that is denying the static IP for our remote office.

The layout is as follows:

Main office = ASA 5520

Remote Office A = ASA (Unknown Model)

Remote Office B = Adtran Router

All devices have static IP addresses.

We used the ASDM VPN wizard to create both VPNs.

We have created a rule allowing all traffic from our remote office IP, and that had no effect on the VPN aside from eliminating the following message from our logging:

4          Mar 19 2012          15:18:01          106023          67.50.19.230          50234          TWT-hq-e          31326          Deny udp src TWT-outside:67.50.19.230/50234 dst inside:TWT-hq-e/31326 by access-group "outside-in" [0x0, 0x0]

We have verified that both sides are configured the same; however, the VPN is never initiated, so as of right now the ASA is simply blocking all attempts from our remote office to connect.

Any help is GREATLY appreciated!

Config is attached.


Jouni Forss
VIP Alumni

Hi,

To my understanding the ASA interface access-list shouldn't affect the L2L-VPN negotiations at all.

Also, the log message you have copied to the original post doesn't seem to point to anything VPN specific.

So the ASA to ASA L2L VPN is working but the Router to ASA L2L VPN isn't?

Have you tried debugging the VPN connection and seeing what happens?
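As an added example (not from the original post or from Cisco), a small parser for the body of ASA message 106023 that checks whether a denied flow is actually IKE/IPsec traffic or, like the udp/31326 line quoted above, something unrelated to the tunnel. The sample log bodies are constructed (the first reproduces the one in the post, the rest use documentation addresses), and the regex and labels are this example's own assumptions.

```python
import re
from typing import List, Optional

# Parser and classifier for the ASA 106023 body ("Deny ... by access-group").
# Flags denies that would stop an IPsec L2L tunnel (IKE udp/500, NAT-T udp/4500,
# ESP/AH as IP protocol 50/51); everything else is labelled "unrelated".
_DENY_RE = re.compile(
    r'Deny (?:protocol )?(?P<proto>\S+) '
    r'src [^:\s]+:(?P<sip>[^/\s]+)(?:/(?P<sport>\d+))? '
    r'dst [^:\s]+:(?P<dip>[^/\s]+)(?:/(?P<dport>\d+))?'
    r'.*?by access-group "(?P<acl>[^"]+)"'
)
IKE_PORTS = {500, 4500}  # ISAKMP, NAT-T
IPSEC_PROTOCOLS = {"esp": "ESP", "50": "ESP", "ah": "AH", "51": "AH"}

# Constructed sample log bodies; the first reproduces the one quoted in the post,
# the others use RFC 5737 documentation addresses.
SAMPLE_LOGS = [
    'Deny udp src TWT-outside:67.50.19.230/50234 dst inside:TWT-hq-e/31326 by access-group "outside-in" [0x0, 0x0]',
    'Deny udp src outside:198.51.100.7/500 dst outside:203.0.113.1/500 by access-group "outside-in" [0x0, 0x0]',
    'Deny udp src outside:198.51.100.7/4500 dst outside:203.0.113.1/4500 by access-group "outside-in" [0x0, 0x0]',
    'Deny protocol 50 src outside:198.51.100.7 dst outside:203.0.113.1 by access-group "outside-in" [0x0, 0x0]',
]

def parse_106023(line: str) -> Optional[dict]:
    """Return proto/sip/sport/dip/dport/acl for a 106023 body, else None."""
    m = _DENY_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["proto"] = d["proto"].lower()
    for k in ("sport", "dport"):
        d[k] = int(d[k]) if d[k] else None
    return d

def classify(d: dict) -> str:
    """Label a parsed deny by its relevance to an IPsec L2L tunnel."""
    if d["proto"] in IPSEC_PROTOCOLS:
        return IPSEC_PROTOCOLS[d["proto"]]
    ports = {d["sport"], d["dport"]}
    if d["proto"] == "udp" and ports & IKE_PORTS:
        return "IKE/NAT-T" if 4500 in ports else "IKE"
    return "unrelated"

def vpn_related_denies(lines: List[str]) -> List[str]:
    """Keep only denies that would block tunnel negotiation or ESP/AH traffic."""
    hits = []
    for line in lines:
        d = parse_106023(line)
        if d and classify(d) != "unrelated":
            hits.append(f'{classify(d)} {d["sip"]} -> {d["dip"]} acl={d["acl"]}')
    return hits
```

Running `vpn_related_denies(SAMPLE_LOGS)` drops the posted udp/31326 line and keeps only the IKE, NAT-T and ESP denies, which is the first check before blaming the interface ACL for a tunnel that never starts.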
