Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
347
Views
0
Helpful
1
Replies

Site to Site VPN from ASA5520 not working

Go to solution
Ge Qu
Level 1
Level 1

‎03-07-2017 12:46 PM

Hi,

I implemented a site to site VPN to another site and when I do "sh crypto isakmp sa", I see the peer showing and state is active.

My basic setting is to have my internal IPs nated to an public IP and there is an access list to allow all the traffice going to another site nated and transferred via the VPN tunnel but it's not working.

When I try to access anything that is supposed to reach via VPN, it's not going and always use the local address instead of nat to the global IP.

There is only one loopback IP that used for testing can be reached via VPN tunnel and I see the NAT is working well.

I have no idea where to start to trouble shoot.

Please help.

Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee

‎03-07-2017 12:55 PM

Hi Ge Qu,

You can start the ip nat translations and making sure the nat is being used, also you can check the sh crypto ipsec sa to make sure the traffic is being encrypted and decrypted.

You can attach a sanitized config here so i can take a look.

Hope this info helps!!

Rate if helps you!! 

-JP-

View solution in original post

0 Helpful
1 Reply 1

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee

‎03-07-2017 12:55 PM

Hi Ge Qu,

You can start the ip nat translations and making sure the nat is being used, also you can check the sh crypto ipsec sa to make sure the traffic is being encrypted and decrypted.

You can attach a sanitized config here so i can take a look.

Hope this info helps!!

Rate if helps you!! 

-JP-

0 Helpful
Customers Also Viewed These Support Documents