
L2L VPN issue

Enrique Ramirez
Level 1

Hello,

I am trying to set up an L2L between two ASAv, but I am having issues and I can't figure out what's wrong with the configuration that I've done.

The topology is very simple: there are two sites, Site A (172.16.1.0/24) and Site B (172.16.2.0/24). The ASAs are able to ping each other through their outside interface and I see phase I correctly negotiated, but for some reason I am not able to pass any traffic from one site to another.

I have attached the specific configuration for this as well as the output from show crypto isakmp and show crypto ipsec sa.

Any help or advice will be greatly appreciated!

Thanks...

1 Accepted Solution

Deepak Kumar
VIP Alumni

Hi,

Your configuration looks fine, but I hope you have missed the static route configuration on ASA1 or an access list to permit traffic.

Please check your routing and ACL or share the full configuration.

Regards,

Deepak Kumar

(Edit: ASA1)

Found the issue: the subnet on the inside at ASA1 was defined as a /16, so the route for the other subnet was pointing within the ASA. I changed the subnet mask and it worked. Thanks for your advice!
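
The root cause reported above (an inside mask wide enough to swallow the remote site's subnet) can be caught with a small pre-deployment check. This is an added example, not part of the original thread: the function name `find_shadowed_remotes` is hypothetical, and the interface addresses are constructed, since only the two site subnets appear in the post.

```python
import ipaddress

def find_shadowed_remotes(interfaces, remote_nets, tunnel_if="outside"):
    """Flag remote VPN networks that overlap a connected network on an
    interface other than the tunnel-facing one.

    interfaces:  {nameif: "address/netmask"} as configured on the firewall
    remote_nets: networks expected to be reached through the tunnel
    Returns a list of (remote_net, nameif, connected_net) tuples.
    """
    findings = []
    for nameif, addr in interfaces.items():
        if nameif == tunnel_if:
            continue
        # ip_interface() derives the connected network from address + mask,
        # the same way the firewall builds its connected route.
        connected = ipaddress.ip_interface(addr).network
        for remote in remote_nets:
            rnet = ipaddress.ip_network(remote)
            if connected.overlaps(rnet):
                findings.append((str(rnet), nameif, str(connected)))
    return findings

# Constructed sample values: only the two site subnets come from the thread;
# interface addresses are assumptions (203.0.113.0/24 is a documentation range).
SITE_B = ["172.16.2.0/24"]
ASA1_BEFORE = {"outside": "203.0.113.1/255.255.255.0",
               "inside": "172.16.1.1/255.255.0.0"}    # /16 typed by mistake
ASA1_AFTER = {"outside": "203.0.113.1/255.255.255.0",
              "inside": "172.16.1.1/255.255.255.0"}   # intended /24

if __name__ == "__main__":
    for label, cfg in (("before", ASA1_BEFORE), ("after", ASA1_AFTER)):
        hits = find_shadowed_remotes(cfg, SITE_B)
        for rnet, nameif, connected in hits:
            print(f"{label}: {rnet} falls inside connected {connected} on {nameif}")
        if not hits:
            print(f"{label}: no overlap, {SITE_B[0]} is free to route to the peer")
```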