• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 604
  • Last Modified:

Site to site VPN

I am setting up a test with 2 windows xp pcs and 2 Cisco ASA 5510 appliances. I have the 2 ASA devices connected togethe via ethernet and the 2 windows pcs are plugged directly into the respective ASA firewalls.

I should be able to ping the remote PC and get a reply, but it doesnt seem to be working. Followed the wizard, the only thing I can think of is that the device didnt come with a liscense for VPN.
0
dwarner8
Asked:
dwarner8
1 Solution
 
batry_boyCommented:
The ASA comes with VPN functionality built in, both for remote access and site-to-site VPN capability...no special licensing required.

Have you verified that the VPN tunnel is up?  From the command line interface, you can issue the command:

sh cryp is sa

and it will say something similar to the following if the tunnel is up:

1   IKE Peer: xxx.xxx.xxx.xxx
    Type    : user            Role    : responder
    Rekey   : no              State   : MM_ACTIVE
2   IKE Peer: xxx.xxx.xxx.xxx
    Type    : user            Role    : responder
    Rekey   : no              State   : MM_ACTIVE

If the tunnel is up, then you should be able to ping the other client PC as long as the crypto access list is correct.  Post the output of both the following commands to further troubleshoot:

sh cryp is sa
sh cryp ip sa
0
 
dwarner8Author Commented:
THanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now