Lan 2 Lan tunnel not coming up

Posted on 2008-10-27
Last Modified: 2011-10-19
I am having troubles bring up a tunnel. It used to connect  to our cisco 3030 and now we have moved it to an ASA 5505... I have attaced the debug log file.
Question by:axl13
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 32

Expert Comment

ID: 22822151

Looks fine, whats wrong? Tunnel establishes, how are you testing that it does not work?

Most likely your problem is that you have NAT configured as well and you are not telling your VPN devices not to nat the traffic from your inside LANs. On the ASA you need to setup nat0 to say do not nat from inside1 LAN to inside2 LAN. Can you post your config?

harbor235 ;}

Author Comment

ID: 22823967
Here is the config
LVL 32

Accepted Solution

harbor235 earned 500 total points
ID: 22824066

NAT is the problem, youo are nat'ng everything, add the following;

nat (inside) 0 access-list NONAT
access-list NONAT permit ip XXX.XXX29.192 XXX.XXX75.0 (same as the traffci you are encypting)

harbor235 ;}

Author Comment

ID: 22824346
current we need to do an ssh -l xxx asa to get to the device... How do I assign the xxx on the asa
LVL 32

Expert Comment

ID: 22824778

The question you asked dealt with L2L tunnels, is that working? SSH configuration abd operation would be another question. However, if you mean how do you configure a user account on the asa to be used with ssh -l
then you need to use the username x password y command. You also need to generate public and private keys if ssh has never been confgured beofore.

harbor235 ;}

Featured Post

Ransomware - Can it be prevented?

Worried about ransomware attacks hitting your organization?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with WatchGuard Total Security!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Telepresence on backup 3 78
Cisco ASA 5512 LAN Config 16 128
ASA Deny No Connection PSH ACK, Traffic is dropped 10 91
Cisco ASA LDAP Authentication for VPN and Management 8 53
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question