08-21-2012 07:46 AM
Hello all,
I did some searching to find where my mistake is, but I have come up empty, so I was hoping someone might be able to shed some light on the situation. I recently upgraded an ASA from 8.2 up to 8.4 (8.4(4)1 to be specific). We have two site-to-site VPNs coming into the ASA and one of the VPNs came up and the other did not. It looks like it is not even getting to the ISAKMP exchange. However, I noticed that one ASA is set up with the crypto map that points to an ACL using an object-group, and the one that is working uses a crypto map that points to an object network. Should the auto-conversion process of upgrading the code have converted the object-group to an object network, or is this still a valid way to define interesting traffic on the ASA?
Also for my NAT statement to exempt traffic I have seen many people using the identity nat without the no-proxy-arp and route-lookup additions and some with. Which is the correct way in 8.4? Any information would be very much appreciated!
Best Regards,
Alan
08-21-2012 08:11 PM
Hello Alan,
The route-lookup is for a bug when you are unable to ping the inside interface from the other side of the tunnel.
Now, as long as the crypto ACL is properly set, it does not matter if you are using one or the other...
You can share both site to site configs and I can check them if you like
Please rate all the helpful posts
Julio
08-22-2012 04:53 AM
Hi Julio,
Thanks for the response. I rechecked the crypto map ACLs and discovered they were not the same on both ends of the VPN tunnel. There was also a routing problem, so traffic wasn't necessarily routing properly to the VPN tunnel. Thanks for your suggestion, it helped!
Best Regards,
Alan
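Added example, not part of the thread or of any Cisco tooling: a small check for the root cause found above, crypto ACLs that are not mirror images on the two peers, whether the ACL uses an object-group or inline networks. The function names, ACL name and addresses are constructed for illustration, and the parser assumes only `permit ip` entries with `any`, `host`, network/mask or `object-group` address specs.

```python
import ipaddress

def _spec(tok, groups):
    """Parse one address spec; return (set of networks, tokens consumed)."""
    if tok[0] == "any":
        return {ipaddress.ip_network("0.0.0.0/0")}, 1
    if tok[0] == "host":
        return {ipaddress.ip_network(tok[1] + "/32")}, 2
    if tok[0] == "object-group":
        return set(groups[tok[1]]), 2
    return {ipaddress.ip_network(f"{tok[0]}/{tok[1]}")}, 2  # "net mask" form

def _groups(cfg):
    """Map each 'object-group network NAME' to the networks it contains."""
    groups, cur = {}, None
    for tok in map(str.split, cfg.splitlines()):
        if tok[:2] == ["object-group", "network"]:
            cur = groups.setdefault(tok[2], set())
        elif cur is not None and tok[:1] == ["network-object"]:
            cur |= _spec(tok[1:], groups)[0]
        else:
            cur = None
    return groups

def crypto_pairs(cfg, acl):
    """Expand a crypto ACL into its set of (source, destination) pairs."""
    groups, pairs = _groups(cfg), set()
    for tok in map(str.split, cfg.splitlines()):
        if tok[:5] == ["access-list", acl, "extended", "permit", "ip"]:
            src, n = _spec(tok[5:], groups)
            dst, _ = _spec(tok[5 + n:], groups)
            pairs |= {(s, d) for s in src for d in dst}
    return pairs

def mirror_mismatches(local_cfg, local_acl, peer_cfg, peer_acl):
    """Pairs only the local side protects, and pairs only the peer protects."""
    local = crypto_pairs(local_cfg, local_acl)
    peer = {(d, s) for s, d in crypto_pairs(peer_cfg, peer_acl)}
    return sorted(local - peer), sorted(peer - local)

# Constructed sample configs (not from the thread): site B lacks 10.2.0.0/16.
SITE_A = """
object-group network LOCAL-NETS
 network-object 10.1.0.0 255.255.0.0
 network-object 10.2.0.0 255.255.0.0
access-list VPN-ACL extended permit ip object-group LOCAL-NETS 192.168.50.0 255.255.255.0
"""
SITE_B = "access-list VPN-ACL extended permit ip 192.168.50.0 255.255.255.0 10.1.0.0 255.255.0.0"
if __name__ == "__main__":
    print(mirror_mismatches(SITE_A, "VPN-ACL", SITE_B, "VPN-ACL"))
```

Both returned lists are expressed from the local side's point of view, so an empty pair of lists means the two ACLs mirror each other.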