Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
544
Views
10
Helpful
2
Replies

L2L VPN issue

Go to solution
Enrique Ramirez
Level 1
Level 1

‎04-15-2017 04:25 AM

Hello,

I am trying to set up a L2L between two ASAv, but I am having issues and I can't figure out what's wrong with the configuration that I've done.

The topology is very simple, there are two sites, Site A (172.16.1.0/24) and Site B (172.16.2.0/24), the ASAs are able to ping each other through their outside interface and I see phase I correctly negotiated, but for some reason I am not able to pass any traffic from one site to another.

I have attached the specific configuration for this as well an output from the show crypto isakmp  and show crypto ipsec sa.

Any help or advise will be greatly appreciated!

Thanks...

Labels:
Preview file
9 KB
Preview file
9 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎04-15-2017 04:51 AM

Hi,

Your Configuration looks like fine but I hope you have missed static route configuration on ASA2   ASA1 or access list to permit traffic. 

Please check your routing and acl or share full configuration. 

Regards,

Deepak Kumar

(Edit: ASA1)

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

View solution in original post

2 Replies 2

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎04-15-2017 04:51 AM

Hi,

Your Configuration looks like fine but I hope you have missed static route configuration on ASA2   ASA1 or access list to permit traffic. 

Please check your routing and acl or share full configuration. 

Regards,

Deepak Kumar

(Edit: ASA1)

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Go to solution
Enrique Ramirez
Level 1
Level 1
In response to Deepak Kumar

‎04-15-2017 05:33 PM

Found the issue, the subnet on the inside at ASA1 was defined at a /16 so the route for the other subnet was pointing within the ASA. I changed the subnet mask and it worked, thanks for your advise!

Customers Also Viewed These Support Documents