Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
307
Views
5
Helpful
1
Replies

Site to Site VPN problem

vamos_fernholz
Level 1
Level 1

‎03-14-2017 04:30 AM

Hi,

I'm trying to set up a site to site vpn.

Site A (local): 192.168.2.0/24, external IP 81.14.x.x. (CISCO ASA 5512)

Site B (remote): 192.168.5.0/24, dynamic external IP

IPsec Tunnel comes up nicely, data is transferred both ways.

I can't ping all of my servers from the remote site tho. Pinging some servers just flawlessly works, tracert shows [IP of ROUTER] - [SERVER]. Pings to several LAN servers ping out - I can ping them fine from the inside.

I assigned a connection profile to the site to site connection which I succesfully use for my anyconnect clients. It is working fine there, everything is pingable.

- If I do a packet trace from 192.168.2.x on the INSIDE interface 192.168.5.x everything is allowed.
- If I do a packet trace from the OUTSIDE interface from 192.168.5.x to 192.168.2.x EVERYTHING is dropped (ipsec-tunnel-flow Action DROP). The strange thing is, I can ping 192.168.2.1 from 192.168.5.29 directly - but pinging 192.168.2.201 times out. It works from the inside tho.

Labels:
0 Helpful
1 Reply 1

vamos_fernholz
Level 1
Level 1

‎03-15-2017 03:38 AM

Fixed it - some servers had a different gateway. I added a static route with the ASA as gateway, now it works.

Customers Also Viewed These Support Documents