Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
253
Views
5
Helpful
1
Replies

Site to Site VPN problem

vamos_fernholz
Level 1
Level 1

‎03-14-2017 04:30 AM

Hi,

I'm trying to set up a site to site vpn.

Site A (local): 192.168.2.0/24, external IP 81.14.x.x. (CISCO ASA 5512)

Site B (remote): 192.168.5.0/24, dynamic external IP

IPsec Tunnel comes up nicely, data is transferred both ways.

I can't ping all of my servers from the remote site tho. Pinging some servers just flawlessly works, tracert shows [IP of ROUTER] - [SERVER]. Pings to several LAN servers ping out - I can ping them fine from the inside.

I assigned a connection profile to the site to site connection which I succesfully use for my anyconnect clients. It is working fine there, everything is pingable.

- If I do a packet trace from 192.168.2.x on the INSIDE interface 192.168.5.x everything is allowed.
- If I do a packet trace from the OUTSIDE interface from 192.168.5.x to 192.168.2.x EVERYTHING is dropped (ipsec-tunnel-flow Action DROP). The strange thing is, I can ping 192.168.2.1 from 192.168.5.29 directly - but pinging 192.168.2.201 times out. It works from the inside tho.

Labels:
0 Helpful
1 Reply 1

vamos_fernholz
Level 1
Level 1

‎03-15-2017 03:38 AM

Fixed it - some servers had a different gateway. I added a static route with the ASA as gateway, now it works.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents