02-15-2023 08:15 PM - edited 02-15-2023 08:16 PM
Hello.
GIVEN:
172.16.3.0/24(CSRV1000)2.2.2.2===tunnel===1.1.1.1(ASA5525)172.16.8.1/24---172.16.9.1/24 (SERVER1)
My L2L tunnel is up. Encrypted packets are evident. Servers can NOT communicate.
Tunnel ACL endpoint is 172.16.9.0/24. NAT translates 172.16.8.1 to 1.1.1.1
My guess is I need to implement a route so packets can reach back to the remote server.
What is the next troubleshooting step? How can I verify I need a return route?
Thank you.
02-16-2023 12:20 AM - edited 02-16-2023 12:24 AM
@jmaxwellUSAF obviously the remote server would need to know how to reach the other server. If the server's default gateway is the device terminating the VPN then it should know how to reach the remote end of the tunnel... unless there are other routing devices in your network and traffic is sent in another direction?
Provide a topology diagram and information on routing.
Provide the output of "show crypto ipsec sa" from both the CSR1000V and ASA - looking to confirm the encap|decaps counters are increasing on both sides.
Run packet-tracer from the ASA and provide the output.
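The counter comparison requested above, as an added example that is not part of the original thread: it parses the encaps/decaps lines of `show crypto ipsec sa` from both peers and reports where the flow stops. The two outputs are constructed samples trimmed to the relevant lines, the function names and result labels are hypothetical, and the counters are assumed to be captured after sending test traffic over a freshly established SA.

```python
import re

# Constructed sample output (not from the thread), trimmed to the relevant lines.
CSR_SA = """\
   local  ident (addr/mask/prot/port): (172.16.3.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (172.16.9.0/255.255.255.0/0/0)
    #pkts encaps: 48, #pkts encrypt: 48, #pkts digest: 48
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""
ASA_SA = """\
      local ident (addr/mask/prot/port): (172.16.9.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (172.16.3.0/255.255.255.0/0/0)
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 48, #pkts decrypt: 48, #pkts verify: 48
"""

IDENT = re.compile(r"(local|remote)\s+ident \(addr/mask/prot/port\): \(([\d.]+)/([\d.]+)/")
COUNTER = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sas(text):
    """Return one dict per SA: local/remote selectors plus encaps/decaps counts."""
    sas, cur = [], None
    for line in text.splitlines():
        m = IDENT.search(line)
        if m:
            if m.group(1) == "local":      # a "local ident" line starts a new SA
                cur = {"encaps": 0, "decaps": 0}
                sas.append(cur)
            if cur is not None:
                cur[m.group(1)] = f"{m.group(2)}/{m.group(3)}"
            continue
        for name, value in COUNTER.findall(line):
            if cur is not None:
                cur[name] = int(value)
    return sas

def diagnose(near, far):
    """Compare both ends of one tunnel (dicts from parse_sas) and label the gap."""
    if near["encaps"] == 0 and far["encaps"] == 0:
        return "no-traffic"                # nothing matched the crypto ACL
    if near["encaps"] > 0 and far["decaps"] == 0:
        return "lost-in-transit"           # near encrypts, far never decrypts
    if far["encaps"] > 0 and near["decaps"] == 0:
        return "lost-in-transit"
    if far["decaps"] > 0 and far["encaps"] == 0:
        return "no-return-from-far"        # check routing/NAT behind the far peer
    if near["decaps"] > 0 and near["encaps"] == 0:
        return "no-return-from-near"       # check routing/NAT behind the near peer
    return "bidirectional"

if __name__ == "__main__":
    print(diagnose(parse_sas(CSR_SA)[0], parse_sas(ASA_SA)[0]))
```

A "no-return" result means the peer decrypts inbound packets but never encrypts a reply, which points at the path between that peer and its inside host rather than at the tunnel itself.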
02-16-2023 12:14 AM
Post the config or check the below guide for ACL:
02-16-2023 09:10 AM
The problem was a bad return route.