Lan 2 Lan tunnel not coming up

Posted on 2008-10-27
Last Modified: 2011-10-19
I am having troubles bring up a tunnel. It used to connect  to our cisco 3030 and now we have moved it to an ASA 5505... I have attaced the debug log file.
Question by:axl13
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 32

Expert Comment

ID: 22822151

Looks fine, whats wrong? Tunnel establishes, how are you testing that it does not work?

Most likely your problem is that you have NAT configured as well and you are not telling your VPN devices not to nat the traffic from your inside LANs. On the ASA you need to setup nat0 to say do not nat from inside1 LAN to inside2 LAN. Can you post your config?

harbor235 ;}

Author Comment

ID: 22823967
Here is the config
LVL 32

Accepted Solution

harbor235 earned 500 total points
ID: 22824066

NAT is the problem, youo are nat'ng everything, add the following;

nat (inside) 0 access-list NONAT
access-list NONAT permit ip XXX.XXX29.192 XXX.XXX75.0 (same as the traffci you are encypting)

harbor235 ;}

Author Comment

ID: 22824346
current we need to do an ssh -l xxx asa to get to the device... How do I assign the xxx on the asa
LVL 32

Expert Comment

ID: 22824778

The question you asked dealt with L2L tunnels, is that working? SSH configuration abd operation would be another question. However, if you mean how do you configure a user account on the asa to be used with ssh -l
then you need to use the username x password y command. You also need to generate public and private keys if ssh has never been confgured beofore.

harbor235 ;}

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question