
VPN on ASA 5510 Working but Workstations Not

dhyland
Level 1

We have an ASA running 8.2(3) and have two site-to-site VPNs running on it.  The second VPN we just established the other day and, from the ASA itself, it appears to be working.  We are able to ping remote hosts from the ASA without issue.  However, on this second VPN any hosts on our LAN cannot reach the remote side...  Trying to figure out what might be going on.  Applicable config below (please forgive errors and formatting):

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address WAN.IP.ADDR 255.255.255.224
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.21.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 nameif intf2
 security-level 0
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
access-list outside_cryptomap extended permit ip 192.168.21.0 255.255.255.0 10.50.50.0 255.255.255.0
access-group acl_out in interface outside
crypto ipsec transform-set ATLAS-TS esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto map mymap 2 match address outside_cryptomap
crypto map mymap 2 set peer PEER.WAN.IP.ADDR
crypto map mymap 2 set transform-set ATLAS-TS
crypto map mymap 65535 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
crypto isakmp nat-traversal 10
tunnel-group PEER.WAN.IP.ADDR type ipsec-l2l
tunnel-group PEER.WAN.IP.ADDR ipsec-attributes
 pre-shared-key *****

1 Accepted Solution