Re: VPN_ASA_SITE2SITE

Hiko · ‎02-03-2021

I Configure site2site vpn with other remote network ..We decided to my server network translate other new ip address . i created nat for source and translations, VPN is up I can telnet remote server but remote network can not telnet my Server and port number I add ACL but problem does not solve please help

MyLan network

192.168.4.0

Nat subnet1
192.168.1.1

Nat subnet2

192.168.1.2
remote lan network
192.168.2.0 255.255.255.0
192.168.3.0 255.255.255.0

crypto map Internet_map 8 match address VPN
crypto map Internet_map 8 set pfs group5
crypto map Internet_map 8 set peer 1.1.1.1
crypto map Internet_map 8 set ikev1 transform-set VPNset
crypto map Internet_map 8 set security-association lifetime seconds 3600

VPN
access-list VPN line 1 extended permit ip host 192.168.1.1 192.168.2.0 255.255.255.0
access-list VPN line 1 extended permit ip host 192.168.1.1 192.168.2.0 255.255.255.0

access-list Internet_access_in line 14 extended permit tcp 192.168.2.0 255.255.255.0192.168.4.0

255.255.255.0 eq 101
access-list Internet_access_in line 14 extended permit tcp 192.168.3.0 255.255.255.0 192.168.4.0

255.255.255.0 eq 101
access-list Internet_access_in line 14 extended permit udp 192.168.2.0 255.255.255.0 192.168.4.0

255.255.255.0 eq 101
access-list Internet_access_in line 14 extended permit udp 192.168.3.0 255.255.255.0 92.168.4.0

255.255.255.0 eq 101
access-list Internet_access_in line 14 extended permit tcp 192.168.2.0 255.255.255 0 192.168.4.0 255.255.255.0 eq telnet
access-list Internet_access_in line 14 extended permit tcp 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0 eq telnet

Mohammed al Baqari · ‎02-03-2021

Hi,

Your crypto is using acl named VPN and your VPN acl is AsanPay. They are
not matching. Where is ACL 14?

Don't share partial config. Share full one to see what is missing

**** please remember to rate useful posts

Hiko · ‎02-03-2021

Sorry this is my mistake acl name is VPN. I changed my mistake in text

Acl is match bt dont connect my server and port