Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3380
Views
0
Helpful
16
Replies

Site to Site VPN no traffic.

Go to solution
Shaun McCloud
Level 1
Level 1

‎10-08-2013 12:12 AM

Hello,

I have been having an issue with my connection to my vendor, and we can not figure it out for the life of us. We have the tunnel up, we just can not ping either side of it.(as you can tell from the post time, I am at a loss).

The goal is for our site to pass all traffic through to the vendor so they can route it out to the internet through the rest of thier network.

As I said, the tunnel is up, just does not seem to be passsing any traffic, or at least any real traffic, I believe the keep alives are passing.

Labels:
0 Helpful
16 Replies 16

Go to solution
Shaun McCloud
Level 1
Level 1
In response to Jouni Forss

‎10-09-2013 06:02 AM

The static nat config was on our router that  handled our T1s, and is no longer in the network path in any way.

Correct me if I am wrong, but the static nats should now be placed on our vendor side external Firewall?

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to Shaun McCloud

‎10-09-2013 06:09 AM

Hi,

At the moment your sites ASA is configured so that it will perform NAT for all users/hosts on the LAN network. This will in turn mean that all traffic with NAT0 configuration will match the L2L VPN rule and therefore will be forwarded to the L2L VPN connection.

So if the setup is like mentioned above or it is required to be kept that way then it would essentially mean that the public IP address space used on your site before would have to be used on the Vendor sites Internet edge device as you mention.

What I am wondering is if the Vendor site and your site are using the same ISP?

If not then I doubt it that you could move than public IP address space from your site to the Vendor site. It might mean that your servers that are located at your site would need a Static NAT to a new public IP address on the Vendor site.

If on the other hand you would be fine with having these servers traffic through your sites Internet connection then you could perhaps configure the NAT0 so that it WOULD NOT match these servers and these servers would then be Static NATed on your site and would use its connection directly and NOT use the L2L VPN to Vendor site.

- Jouni

0 Helpful
Customers Also Viewed These Support Documents