Lan 2 Lan tunnel not coming up

Posted on 2008-10-27
Last Modified: 2011-10-19
I am having trouble bringing up a tunnel. It used to connect to our Cisco 3030 and now we have moved it to an ASA 5505... I have attached the debug log file.
Question by:axl13

Expert Comment

ID: 22822151

Looks fine, what's wrong? Tunnel establishes, how are you testing that it does not work?

Most likely your problem is that you have NAT configured as well and you are not telling your VPN devices not to NAT the traffic from your inside LANs. On the ASA you need to set up nat0 to say do not NAT from inside1 LAN to inside2 LAN. Can you post your config?

harbor235 ;}

Author Comment

ID: 22823967
Here is the config

Accepted Solution

harbor235 earned 500 total points
ID: 22824066

NAT is the problem, you are NAT'ing everything, add the following:

nat (inside) 0 access-list NONAT
access-list NONAT permit ip XXX.XXX29.192 XXX.XXX75.0 (same as the traffic you are encrypting)

harbor235 ;}

Author Comment

ID: 22824346
Currently we need to do an ssh -l xxx asa to get to the device... How do I assign the xxx on the ASA?

Expert Comment

ID: 22824778

The question you asked dealt with L2L tunnels, is that working? SSH configuration and operation would be another question. However, if you mean how do you configure a user account on the ASA to be used with ssh -l, then you need to use the username x password y command. You also need to generate public and private keys if SSH has never been configured before.

harbor235 ;}

Question has a verified solution.
