05-21-2012 06:06 AM
This is our actual internal LAN address: 10.40.120.0/26 (Internal Range), and I want to translate it to
Translated address: 10.254.9.64 255.255.255.192 (Internal)
Our remote local address is: 10.254.5.64 255.255.255.192 (Remote site internal IP address range)
Based on the above parameters I have done this configuration:
access-list outside_cryptomap permit ip 10.254.9.64 255.255.255.192 10.254.5.64 255.255.255.192
access-list policy-nat permit ip 10.40.120.0 255.255.255.192 10.254.5.64 255.255.255.192
static (inside,outside) 10.254.9.64 access-list policy-nat
I have got all the Phase 1 and Phase 2 parameters required and the peer public IP address.
I have set up VPNs using ASDM before, but this scenario is new for me. All I am wondering is, is there anything I need to configure to successfully set up the VPN?
05-21-2012 06:10 AM
Both NAT and crypto ACL have been correctly configured.
Which phase is the VPN failing at? Can you run some debugs and share the debug output?
05-22-2012 04:33 AM
Thank you so much Jenni, I will update you asap
05-28-2012 11:51 AM
Hi
Thanks a lot, Jenni. I have done exactly the above, and followed this link: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml
The VPN is up, as we are able to see the interesting traffic, but Tx is increasing and Rx=0. I don't know what is going wrong. Moreover, the far site is only accepting RDP access from our site and I am not able to access it. I am wondering, do I need to do any additional configuration apart from the above to get RDP access?
Assistance appreciated, guys, please.
05-28-2012 06:27 PM
If you are seeing TX increasing but not RX that means traffic is being sent to the remote end however there is no reply.
I would suggest that you check in with the remote VPN end to see where the problem is. Most likely it is an issue on the remote end.
05-30-2012 03:01 AM
Hi mate,
Yeah, the issue was on the far site; they aren't allowing access to the port we are trying to access, and they made it up and we are good to go now.
One thing I am worried about is that only one IP address is able to access the resources. I mean, I created an address range of 192.168.x.0/26, however only 192.168.x.3, one of our servers, is able to access the far site. I haven't got a clue.
Config is as follows:
access-list pp-vpn extended permit ip 10.254.7.64 255.255.255.192 10.254.6.64 255.255.255.192
access-list policy-nat---- extended permit ip 192.168.x.0 255.255.255.192 10.254.6.64 255.255.255.192
static (inside,outside) 10.254.7.64 access-list policy-nat
crypto ipsec transform-set esp-aes256-sha esp-md5-hmac
crypto map outside_map 20 match address pp-vpn
crypto map outside_map 20 set peer 172.162.1.2
crypto map outside_map 20 set transform-set vpn1
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp policy 65 encyptio
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
tunnel type ipsec-l2l
tunnel-group 172.162.1.2 ipsec-attributes
pre-shared-key *
Thank you immensely for all your assistance
ven
05-30-2012 05:39 AM
Did you "clear xlate" after making changes to the static NAT statement?
Also, do you have any access-list on the inside interface that might be blocking the access?
05-30-2012 01:30 PM
Hi Jenni I tried both of the above, but still it remains the same, no inside access rules as well.
05-30-2012 02:36 PM
Can you please remove the following:
static (inside,outside) 10.254.7.64 access-list policy-nat
and change it to:
nat (inside) 5 access-list policy-nat
global (outside) 5 10.254.7.64
Then "clear xlate" again.
06-01-2012 02:35 PM
That did it. Spot on, thanks! Thanks a lot Jenni!
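Added example, not part of any post in this thread: a small Python lint for the pre-8.3 ASA syntax used above. It checks that the crypto ACL's source is the policy-NAT translated network (the relationship in the first post's configuration), that every referenced transform-set is defined, and it flags DES and MD5. The sample config is constructed from lines posted in the thread; `lint` and `net` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample, assembled from configuration lines posted in the thread.
SAMPLE = """\
access-list outside_cryptomap permit ip 10.254.9.64 255.255.255.192 10.254.5.64 255.255.255.192
access-list policy-nat permit ip 10.40.120.0 255.255.255.192 10.254.5.64 255.255.255.192
static (inside,outside) 10.254.9.64 access-list policy-nat
crypto ipsec transform-set esp-aes256-sha esp-md5-hmac
crypto map outside_map 20 match address outside_cryptomap
crypto map outside_map 20 set transform-set vpn1
encryption des
hash md5
"""

ACL = re.compile(r"access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)")

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def lint(config):
    """Return findings for a pre-8.3 ASA L2L config that uses static policy NAT."""
    acls, findings = {}, []
    for name, s, sm, d, dm in ACL.findall(config):
        acls[name] = (net(s, sm), net(d, dm))
    statics = re.findall(r"static \(inside,outside\) (\S+) access-list (\S+)", config)
    for crypto_acl in re.findall(r"match address (\S+)", config):
        src, dst = acls.get(crypto_acl, (None, None))
        # The crypto ACL is matched after NAT, so its source must be the
        # translated network and its destination the same remote network.
        ok = any(
            nat_acl in acls
            and net(mapped, acls[nat_acl][0].netmask) == src
            and acls[nat_acl][1] == dst
            for mapped, nat_acl in statics
        )
        if not ok:
            findings.append(f"crypto ACL {crypto_acl}: source {src} is not a policy-NAT mapped network")
    defined = set(re.findall(r"crypto ipsec transform-set (\S+)", config))
    for ts in re.findall(r"set transform-set (\S+)", config):
        if ts not in defined:
            findings.append(f"transform-set {ts} is referenced but not defined")
    for weak in re.findall(r"^\s*(?:encryption des|hash md5)\s*$", config, re.M):
        findings.append(f"weak IKE parameter: {weak.strip()}")
    if re.search(r"transform-set \S+ .*esp-md5-hmac", config):
        findings.append("transform-set uses esp-md5-hmac")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```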