Re: Site to Site VPN to Oracle Cloud

sreeraj.murali · ‎09-24-2019

Hi Experts,

Trying to setup Site to Site VPN from Onpremise ASA to Orace Cloud. As per the Oracle consultants, configuration is already done on the Oracle Cloud end. I have done the configuration on onpremise ASA as well, with ASA Site to Site VPN "simple" configuration wizard. I am attaching related configuration.

I am not seeing an output for the "show crypto isakmp sa" command. Require assistance in verifying the configuration on ASA end is complete and proper. Also, kindly let me know, the "debug" command to troubleshoot the issue with peer Cloud end.

Thanks in advance

Sreeraj Murali

Rob Ingram · ‎09-24-2019

Hi,
Please enable debugs (syntax below) and then generate some interesting traffic to trigger the establishment of the tunnel. Please upload the output of the debugs for review

IKEv1:
debug crypto ikev1

IKEv2:
debug crypto ikev2 platform
debug crypto ikev2 protocol

sreeraj.murali · ‎09-24-2019

Thanks. Generated interesting traffic. Capture the said "debugs".

Attaching the CLI and ASDM logs. Please guide.

Thanks in advance

Sreeraj Murali

Rob Ingram · ‎09-24-2019

Please provide the configuration for the crypto map acl - OUTSIDE-199.116.129.0-NET_cryptomap_1

Can you provide the configuration of the other end of the VPN? Have you double checked the ACLs match exactly?

sreeraj.murali · ‎09-24-2019

Need to verify with the peer end that, the crypto ACL is matching. Waiting for remote end technicians response.

Thanks

sreeraj.murali · ‎09-26-2019

Hi,

Thanks, The Crypto ACL was not mirror image and PFS option was not negotiating, set the same correctly and it works good now.

sreeraj.murali · ‎09-24-2019

Hi,

Have shared the debug outputs. Please check and suggest.

Thanks

Sreeraj