Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
471
Views
0
Helpful
0
Replies

SLA (configured on the ASA itself) from ASA to remote host over L2L tunnel

RafaelErtel
Level 1
Level 1

‎06-10-2020 11:55 AM

Hi All, 

 

I have two ASA's.  I have a tunnel up and running between them just fine.  However, in an attempt to keep interesting traffic flowing over the tunnel I've config'ed an SLA to ping to a host on the remote side of the VPN.  I cannot get it to work.  the config:

 

ASA on which the SLA originates:

 

sla monitor 1
type echo protocol ipIcmpEcho x.x.x.x interface outside
num-packets 3
frequency 10
sla monitor schedule 1 life forever start-time now

 

access-list crypto_ACL extended permit icmp host outside_int_ip dest_host_net 255.255.0.0 echo-reply
access-list crypto_ACL extended permit icmp host outside_int_ip dest_host_net  255.255.0.0 echo

 

nat (outside,outside) source static obj-outside_int_ip obj-outside_int_ip destination static obj-dest_host_net obj-dest_host_net

 

the NAT and crypto on the remote side are the inverse of this....

 

thanks for any help you can provide.

 

rif

 

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents