Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Lan 2 Lan tunnel not coming up

Posted on 2008-10-27
Last Modified: 2011-10-19
I am having troubles bring up a tunnel. It used to connect  to our cisco 3030 and now we have moved it to an ASA 5505... I have attaced the debug log file.
Question by:axl13
  • 3
  • 2
LVL 32

Expert Comment

ID: 22822151

Looks fine, whats wrong? Tunnel establishes, how are you testing that it does not work?

Most likely your problem is that you have NAT configured as well and you are not telling your VPN devices not to nat the traffic from your inside LANs. On the ASA you need to setup nat0 to say do not nat from inside1 LAN to inside2 LAN. Can you post your config?

harbor235 ;}

Author Comment

ID: 22823967
Here is the config
LVL 32

Accepted Solution

harbor235 earned 500 total points
ID: 22824066

NAT is the problem, youo are nat'ng everything, add the following;

nat (inside) 0 access-list NONAT
access-list NONAT permit ip XXX.XXX29.192 XXX.XXX75.0 (same as the traffci you are encypting)

harbor235 ;}

Author Comment

ID: 22824346
current we need to do an ssh -l xxx asa to get to the device... How do I assign the xxx on the asa
LVL 32

Expert Comment

ID: 22824778

The question you asked dealt with L2L tunnels, is that working? SSH configuration abd operation would be another question. However, if you mean how do you configure a user account on the asa to be used with ssh -l
then you need to use the username x password y command. You also need to generate public and private keys if ssh has never been confgured beofore.

harbor235 ;}

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question