Solved

Site to site VPN

Posted on 2007-11-29
2
596 Views
Last Modified: 2008-10-14
I am setting up a test with 2 windows xp pcs and 2 Cisco ASA 5510 appliances. I have the 2 ASA devices connected togethe via ethernet and the 2 windows pcs are plugged directly into the respective ASA firewalls.

I should be able to ping the remote PC and get a reply, but it doesnt seem to be working. Followed the wizard, the only thing I can think of is that the device didnt come with a liscense for VPN.
0
Comment
Question by:dwarner8
2 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 250 total points
ID: 20374798
The ASA comes with VPN functionality built in, both for remote access and site-to-site VPN capability...no special licensing required.

Have you verified that the VPN tunnel is up?  From the command line interface, you can issue the command:

sh cryp is sa

and it will say something similar to the following if the tunnel is up:

1   IKE Peer: xxx.xxx.xxx.xxx
    Type    : user            Role    : responder
    Rekey   : no              State   : MM_ACTIVE
2   IKE Peer: xxx.xxx.xxx.xxx
    Type    : user            Role    : responder
    Rekey   : no              State   : MM_ACTIVE

If the tunnel is up, then you should be able to ping the other client PC as long as the crypto access list is correct.  Post the output of both the following commands to further troubleshoot:

sh cryp is sa
sh cryp ip sa
0
 
LVL 1

Author Comment

by:dwarner8
ID: 21323552
THanks
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now