11-22-2016 01:33 AM - edited 02-21-2020 09:03 PM
Hi, an easy one for somebody!
Have set up a VPN to a third party - remote ED is a 10.254.x.x address... internal network is 10.0.0.0 0.0.0.255.
The VPN does not start.
I am sure the VPN is actually configured correctly and with an in/out ACL which is in order.
I can see my ping packet in logs on the inside interface.
I have added rules (not that I think these are needed).
Do I need to add a route 10.254.x.x 255.255.255.255 via the remote peer address? Or am I missing something else?
Ta
11-22-2016 05:19 AM
Hi,
what about the devices in the focus?
ASA router?!
regards
11-22-2016 08:07 AM
Hi, not sure what you are asking.
I have changed the VPN remote ED to a 192.x.x.x address so there is no conflict in IP addressing - my ASA does not seem to process the packet to the VPN - it seems to treat it as a genuine outbound packet and sends it out of the outside interface - think I'm missing something fundamental for the outbound VPN to trigger - it's not the ACL, that's right.
regards
11-22-2016 08:13 AM
We do not have enough information to be able to identify what is the problem. If you will provide details of the configuration we might be able to help you find the issue. As a starting point you certainly need to be sure that the routing logic is sending traffic to the remote end through the interface that has the VPN. That might need a specific static route or it might be taken care of by the existing default route. Till we see some config details we can not know which it would be.
HTH
Rick
11-22-2016 08:53 AM
Hi Richard,
Here is the config - if I do a packet tracer source-destination it follows a standard rule and gets dropped - no xlate. All inbound VPNs work 100%. This is the first outbound tunnel initialization on this ASA.
Nothing in crypto-map
and packet tracer output (see below)
sh access-list Outside_cryptomap_2
access-list Outside_cryptomap_2; 1 elements; name hash: 0x11f62eb
access-list Outside_cryptomap_2 line 1 extended permit ip object Server-Telephonetics object Net-TelephoneticsSource (hitcnt=0) 0xd923d0f3
access-list Outside_cryptomap_2 line 1 extended permit ip host 10.128.70.17 host 192.0.2.100 (hitcnt=0) 0xd923d0f3
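The two conditions discussed in this thread (the route must send the packet out of the interface that carries the VPN, and the flow must match the crypto ACL) can be checked offline against the pasted output. This is an added example, not part of any post above: the routing table, the interface names `inside`/`outside`, the crypto interface and the test source 10.0.0.5 are constructed assumptions, and NAT is not modelled.

```python
import ipaddress
import re

# Output pasted in the post above (object line and its expanded form).
ACL_OUTPUT = """\
access-list Outside_cryptomap_2 line 1 extended permit ip object Server-Telephonetics object Net-TelephoneticsSource (hitcnt=0) 0xd923d0f3
access-list Outside_cryptomap_2 line 1 extended permit ip host 10.128.70.17 host 192.0.2.100 (hitcnt=0) 0xd923d0f3
"""

# Constructed routing table (assumption, not from the thread).
ROUTES = [("0.0.0.0/0", "outside"), ("10.0.0.0/24", "inside")]

# Matches "host A" or "NET MASK" for source and destination, plus the hit count.
ENTRY = re.compile(r"permit ip (host \S+|\S+ \S+) (host \S+|\S+ \S+) \(hitcnt=(\d+)\)")

def to_net(spec):
    """Convert 'host A' or 'NET MASK' into an ip_network."""
    first, second = spec.split()
    return ipaddress.ip_network(second + "/32" if first == "host" else f"{first}/{second}")

def crypto_entries(text):
    """Return (src_net, dst_net, hitcnt) for each expanded ACL entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m and " object " not in line:  # skip the unexpanded object line
            entries.append((to_net(m[1]), to_net(m[2]), int(m[3])))
    return entries

def egress(dst):
    """Longest-prefix match over ROUTES; returns the egress interface name."""
    ip = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), ifc) for n, ifc in ROUTES]
    return max((h for h in nets if ip in h[0]), key=lambda h: h[0].prefixlen)[1]

def check(src, dst, crypto_if="outside"):
    """Report whether a flow is routed to the crypto interface and matches the crypto ACL."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    acl = any(s in sn and d in dn for sn, dn, _ in crypto_entries(ACL_OUTPUT))
    out_if = egress(dst)
    return {"egress": out_if, "on_crypto_if": out_if == crypto_if, "acl_match": acl}

if __name__ == "__main__":
    for src in ("10.128.70.17", "10.0.0.5"):  # second source is constructed
        print(src, check(src, "192.0.2.100"))
```

A flow that is routed to the crypto interface but does not match the ACL leaves that interface as ordinary outbound traffic and the ACL hit count stays at 0.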