Solved

Site to Site VPN - cannot ping

Posted on 2007-11-21
5
813 Views
Last Modified: 2008-02-01
All,

I created a vpn tunnel between my office (Cisco ASA 5520) and home (SonicWall TZ 170 StandardOS)using 3DES MD5, Aggressive Mode and PFS.  My home network is using 192.168.90.0/24 and is connected to the OPT port of the Sonicwall.  My office LAN is 10.60.0.0/16 and 10.50.0.0/16.  The VPN tunnel is established however I cannot ping across and all my settings look correct.  Any ideas?
0
Comment
Question by:bigz71
  • 2
  • 2
5 Comments
 
LVL 12

Expert Comment

by:dlan75
ID: 20333022
Hi,
I guess you connect from home to your office.
How do you connect ? Do you use the Cisco VPN client ? When you are connected, can you check your IPs to see if you get a new one from your vpn ?
0
 
LVL 4

Expert Comment

by:CCIE8122
ID: 20335177
Umm, he is doing site-to-site, not RAS VPN.

Can you post debug output of the following on the ASA:

deb cry is sa
deb cry ip sa

Without that, it is nearly impossible to say what the issue is.

kr
0
 

Author Comment

by:bigz71
ID: 20335361
CCIE8122,

I'm still new with Cisco and not exactly sure how to use the debug commands.  I ran the commands you asked and get an error the command is not found.

fw# debug cry is sa
                 ^
ERROR: % Invalid input detected at '^' marker.
fw#

0
 
LVL 4

Accepted Solution

by:
CCIE8122 earned 75 total points
ID: 20339113
sorry, dont need the trailing "sa."  should be

debug crypto isakmp
debug crypto ipsec

(you can abbreviate these if you wish)

also make sure you are logging to the console:

logging on
logging monitor debugging
terminal monitor

when you are done:

undebug all
0
 

Author Comment

by:bigz71
ID: 20339896
I was able to fix the problem by recreating the VPN tunnel.  Thanks for your help and points will be awarded to you.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now