03-27-2013 05:34 AM
I will appreciate some assisstance.
I had site to site working at some point but not any more. Sice the devices are newly commissioned, i did a reset and applied config again but no joy.
Kindly see configs attached.
I cannot bring up the tunnels at the moment
03-27-2013 08:04 AM
I have disabled Firewall on clients connected to both ASAs and tnnels are up and running, pinging from both internal addresses and getting responses.
Surprising!!!
03-29-2013 02:57 PM
Hi,
Can you run the "Debug crypto isa 250" and attached that output.
after doing the debug please try to bring the tunnel up.
03-29-2013 05:07 PM
Hello,
The configuration looks good ( Refering to the phase 1 and phase 2 configuration that we can see, The only thing that we cannot determine here is whether the IP addresses set on the peer and tunnel group statements are the right ones and finally the pre-shared key)
So make sure you have the right IP addreses ( You are getting IP address via IPCP so make sure you are using the right one)
Then try to ping the other side.
If connectivity from both sides outside interface IP addresses is fine, I would suggest to check the preshared key
more-system running-config | begin tunnel
Then if you see a match in that as well I would recommend what the user techdata suggested,
A debug crypto isa 255 and then generate traffic across the tunnel
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide