cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
193
Views
0
Helpful
1
Replies

Site to Site VPN from ASA5520 not working

Ge Qu
Beginner
Beginner

Hi,

I implemented a site to site VPN to another site and when I do "sh crypto isakmp sa", I see the peer showing and state is active.

My basic setting is to have my internal IPs nated to an public IP and there is an access list to allow all the traffice going to another site nated and transferred via the VPN tunnel but it's not working.

When I try to access anything that is supposed to reach via VPN, it's not going and always use the local address instead of nat to the global IP.

There is only one loopback IP that used for testing can be reached via VPN tunnel and I see the NAT is working well.

I have no idea where to start to trouble shoot.

Please help.

Thank you.

1 Accepted Solution

Accepted Solutions

JP Miranda Z
Cisco Employee
Cisco Employee

Hi Ge Qu,

You can start the ip nat translations and making sure the nat is being used, also you can check the sh crypto ipsec sa to make sure the traffic is being encrypted and decrypted.

You can attach a sanitized config here so i can take a look.

Hope this info helps!!

Rate if helps you!! 

-JP-

View solution in original post

1 Reply 1

JP Miranda Z
Cisco Employee
Cisco Employee

Hi Ge Qu,

You can start the ip nat translations and making sure the nat is being used, also you can check the sh crypto ipsec sa to make sure the traffic is being encrypted and decrypted.

You can attach a sanitized config here so i can take a look.

Hope this info helps!!

Rate if helps you!! 

-JP-

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers