11-02-2006 07:13 PM - edited 02-21-2020 02:42 PM
I'm running an ASA 7.2.1 and a PIX 6.3.5. I've posted my config for the ASA, as it's what's causing me grief. I can establish the tunnel for an IPSEC VPN on both ends (I just used the VPN wizard on both devices). My devices on the PIX end (192.168.1.0) are able to gain access to the devices on the ASA end (10.184.0.0). However, when the 10.184.0.0 end tries to reply with packets, the ASA denies it, giving:

2 Nov 02 2006 20:45:42 106006 10.184.196.64 192.168.1.20 Deny inbound UDP from 10.184.196.64/64039 to 192.168.1.20/49182 on interface connect

This is less than favorable. It occurs with ICMP, UDP and TCP traffic. Any help on letting these two LANs chat would be much appreciated.
config for ASA attached:
11-08-2006 12:50 PM
Try this:
Check the ACL for Interesting Traffic and the NAT 0 configuration on the ASA end.
Also ensure "sysopt connection permit-ipsec" command is enabled.
Try these links:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml
11-08-2006 03:08 PM
My failover network and remote LAN were the same subnet on the ASA. Changed the subnet over on the failover and all worked well. Thanks for your help.
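The fix reported above came down to a directly connected subnet (the failover link) overlapping the remote LAN behind the tunnel. As an added example that is not part of the original thread, this Python script flags that condition in an ASA-style config; the sample config, its addresses and the function names are constructed for illustration, and only `network mask` ACL entries are parsed.

```python
import ipaddress
import re

# Constructed sample config (not the poster's attachment); addresses are
# chosen to mirror the overlap described in the thread.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.252
interface Ethernet0/1
 nameif inside
 ip address 10.184.0.1 255.255.0.0
failover interface ip failover 192.168.1.1 255.255.255.0 standby 192.168.1.2
access-list outside_cryptomap_20 extended permit ip 10.184.0.0 255.255.0.0 192.168.1.0 255.255.255.0
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Subnets the ASA treats as directly connected: interface and failover links.
LOCAL_RE = re.compile(rf"^\s*(?:ip address|failover interface ip \S+) {IP} {IP}", re.M)
# Crypto ACL entries in "src mask dst mask" form (host/any/object-group not handled).
ACL_RE = re.compile(rf"^access-list (\S+) extended permit ip {IP} {IP} {IP} {IP}", re.M)


def net(addr, mask):
    """Build a network from an address and dotted mask, ignoring host bits."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def connected_networks(config):
    return [net(a, m) for a, m in LOCAL_RE.findall(config)]


def find_overlaps(config):
    """Return (acl_name, remote_net, connected_net) for each conflict."""
    local = connected_networks(config)
    hits = []
    for name, _src, _smask, dst, dmask in ACL_RE.findall(config):
        remote = net(dst, dmask)
        hits += [(name, remote, c) for c in local if remote.overlaps(c)]
    return hits


if __name__ == "__main__":
    for name, remote, conn in find_overlaps(SAMPLE_CONFIG):
        print(f"{name}: remote {remote} overlaps connected {conn}")
```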