03-19-2012 01:36 PM - edited 02-21-2020 05:57 PM
We are trying to add an additional LAN-to-LAN IPsec VPN to our network. We currently have one remote office connected; when we configure the second VPN to match the first, the tunnel never begins to establish. There is an ACL that is denying the static IP for our remote office.
The layout is as follows:
Main office = ASA 5520
Remote Office A = ASA (Unknown Model)
Remote Office B = Adtran Router
All devices have static IP addresses.
We used the ASDM VPN wizard to create both VPNs.
We have created a rule allowing all traffic from our remote office IP, and that had no effect on the VPN aside from eliminating the following message from our logging:
4 Mar 19 2012 15:18:01 106023 67.50.19.230 50234 TWT-hq-e 31326 Deny udp src TWT-outside:67.50.19.230/50234 dst inside:TWT-hq-e/31326 by access-group "outside-in" [0x0, 0x0]
We have verified that both sides are configured the same; however, the VPN is never initiated, so as of right now the ASA is simply blocking all attempts from our remote office to connect.
Any help is GREATLY appreciated!
Config is attached.
03-26-2012 09:01 AM
Hi,
To my understanding the ASA interface access-list shouldn't affect the L2L-VPN negotiations at all.
Also, the log message you copied into the original post doesn't seem to point to anything VPN-specific.
So the ASA to ASA L2L VPN is working but the Router to ASA L2L VPN isn't?
Have you tried debugging the VPN connection and seeing what happens?
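The reply's point, that the quoted 106023 line is not VPN traffic, can be checked mechanically: an L2L IPsec tunnel only needs IKE (udp/500), NAT-T (udp/4500) and ESP (IP protocol 50, or AH, protocol 51) to reach the ASA's outside interface, while the deny in the post is for a high UDP port on an inside host. The script below is an added example, not code from the original thread or from Cisco; it parses ASA 106023 deny messages in both syslog and ASDM real-time form and flags only the denies that could actually block a tunnel. The sample log is constructed: the first line mirrors the shape of the line quoted in the post, the rest are hypothetical (RFC 5737 addresses), and the attached config itself is not used.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample log (hypothetical; not the thread's attached config or
# its real logging output). Line 1 mirrors the ASDM line quoted in the
# thread; the others are made-up ASA syslog lines covering the IPsec cases.
SAMPLE_LOG = """\
4 Mar 19 2012 15:18:01 106023 67.50.19.230 50234 TWT-hq-e 31326 Deny udp src TWT-outside:67.50.19.230/50234 dst inside:TWT-hq-e/31326 by access-group "outside-in" [0x0, 0x0]
%ASA-4-106023: Deny udp src outside:198.51.100.7/500 dst outside:203.0.113.10/500 by access-group "outside-in" [0x0, 0x0]
%ASA-4-106023: Deny udp src outside:198.51.100.7/4500 dst outside:203.0.113.10/4500 by access-group "outside-in" [0x0, 0x0]
%ASA-4-106023: Deny protocol 50 src outside:198.51.100.7 dst outside:203.0.113.10 by access-group "outside-in" [0x0, 0x0]
%ASA-4-106023: Deny tcp src outside:192.0.2.44/51234 dst inside:10.10.10.5/3389 by access-group "outside-in" [0x0, 0x0]
"""

# Matches the body of a %ASA-4-106023 message in both syslog and ASDM
# real-time formats. Ports are absent for non-TCP/UDP protocols, where the
# ASA logs "Deny protocol <n> src ... dst ..." instead.
DENY_RE = re.compile(
    r'106023.*?Deny (?P<proto>udp|tcp|icmp|protocol \d+) '
    r'src (?P<sif>[^:\s]+):(?P<src>[^/\s]+)(?:/(?P<sport>\d+))? '
    r'dst (?P<dif>[^:\s]+):(?P<dst>[^/\s]+)(?:/(?P<dport>\d+))? '
    r'by access-group "(?P<acl>[^"]+)"'
)


class Denial(NamedTuple):
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    acl: str
    kind: str  # 'IKE', 'NAT-T', 'ESP', 'AH' or 'other'


def classify(proto: str, dport: Optional[int]) -> str:
    """Map a denied flow to the IPsec component it would belong to, if any."""
    if proto == 'protocol 50':
        return 'ESP'
    if proto == 'protocol 51':
        return 'AH'
    if proto == 'udp' and dport == 500:
        return 'IKE'
    if proto == 'udp' and dport == 4500:
        return 'NAT-T'
    return 'other'


def parse_denies(text: str) -> List[Denial]:
    """Extract every 106023 deny from a block of log text, classified."""
    found = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        sport = int(m['sport']) if m['sport'] else None
        dport = int(m['dport']) if m['dport'] else None
        found.append(Denial(m['proto'], m['src'], sport, m['dst'], dport,
                            m['acl'], classify(m['proto'], dport)))
    return found


def vpn_denies(text: str, peer: Optional[str] = None) -> List[Denial]:
    """Denies that would actually stop an L2L tunnel (IKE, NAT-T, ESP, AH),
    optionally restricted to a known peer address as the source."""
    return [d for d in parse_denies(text)
            if d.kind != 'other' and (peer is None or d.src == peer)]


if __name__ == '__main__':
    for d in parse_denies(SAMPLE_LOG):
        print(f"{d.kind:6} {d.proto:12} {d.src}:{d.sport} -> "
              f"{d.dst}:{d.dport} via \"{d.acl}\"")
    print("tunnel-blocking denies:", len(vpn_denies(SAMPLE_LOG)))
```

Run against the post's own line the result is `other`: udp/31326 to an inside host is unrelated to tunnel setup, so permitting the peer in `outside-in` silences the message without touching IKE. If `vpn_denies()` returns nothing for the remote office's address, the next place to look is the IKE negotiation itself, as the reply suggests.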