Issue with Site-Site IPSec Tunnel with ASA 5510 and Cisco IOS Router

Ramu Ch · ‎11-29-2010

Dear Team,

In our organisation we have established Site-Site IPSec Tunnel Successfully . At my END we have used Cisco ASA 5510 firewall used and other END ,used Cisco 1700 series Router. The Network scenario in Block is follows

MY END OTHER END

LAN ------> ASA Firewall -----> Internet Router ----> Internet -------> Cisco 1700 Router ------. LAN.

The Remark Points are :

1) From My PC ( default Gateway is ASA Firewall VPN ) , i am able to ping other END IP address & can https/ https requests

2) From Other END PC ( default Gateway is Cisco Router VPN ), he can ping to my resources like mail server & FTP server ,which are my LAN resources,but he unable to send & receive mails ( POP3/SMTP) & FTP service Etc.

3) FYI , Tunnel esablshed successfully

Pls guide me what is the wrong in my configuration as he is unable to access the LAN resources. I have attached my ASA firewall configuration ,Pls check and let me know the issue

Regards

Ramu

ajhaldiy · ‎11-30-2010

HI Ramu,

Hope you are doing fine,

I checked the configuation that you have attached and it looks fine to me

Could you please configure following captures on the ASA

access-list test per ip host host

capture vpn access-list test interface inside packet-length 1522

capture drop type asp-drop all

After configuring these captures telnet on port 25 and 21 to the server.

Issue show cap vpn and show cap drop to get the output of the captures.

Also check the logg messages on the ASA while you telnet

Make sure that there is no Policy based routing configured on the router for SMTP and FTP

Regards

Ashish