cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
263
Views
0
Helpful
3
Replies

problem with L2L ASA to Router

s_colombo
Beginner
Beginner

We have set  up a VPN between an ASA 5505 and a 1751 router .

That vpn has to replace a previous one between the 1751 and another router .

The VPN is established successfully and I can ping the 1751's internal interface from the ASA's network, but I cannot ping any host behind the 1751 router .

The hosts are fine as they were working before we changed the configuration .

Attached the configuration , I hope some expert can check it and tell me if something wrong.

3 Replies 3

Hi,

If you can PING the 1751's internal IP from the ASA's network, the VPN is fine.

If you cannot PING any host behind the 1751 through the tunnel, the most common cause is a routing issue.

Is the default gateway for the hosts behind the 1751, the inside interface of the 1751?

Federico.

the hosts have a static route for the ASA's subnet , but their default gateway is not the 1751 internal interface

thanks

If you do a traceroute from the hosts on the 1751 side to the ASA's subnet, do they go through the tunnel?

Do you see packets encrypted on the 1751 ''show cry ipsec sa'' for every traffic sent?

Federico.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers