daxa78


Site to Site VPN problem

Hello guys and girls.

Happy Christmas to you all.

Here is the case.

I have this client that has a site-to-site VPN connection between two remote sites,
using two Cisco ASA 5505s.

This has been working great but now site A got a new ISP and a new IP.

I modified site B too and set the peer to the correct IP,
but it still did not work.

I also tried to change the pre-shared password (yes, on both ends).

I assumed this would be an easy switch.

Any ideas?

I could set them up from scratch again, I'm sure that would work, but
it's not very educational. A bit like formatting your HD when you get spyware and viruses.

How do I troubleshoot these connections?


PS: I'm unable to post the config since I'm not in the office.
I can't seem to get it out of my mind.
rdmlda

Did you remember to create a new tunnel group with the correct new IP address on the 5505 that didn't change IP?

ASKER

OK, so I have to modify both boxes?
Yes, you have to.
And you need to clear the translation table and reset the crypto maps (or just reboot).
Anything in the log?
Can you post the configs?

ASKER

What do I need to change in router A, the one that has the new IP, except setting the firewall up so that it's online again? I assumed I only had to change the peer IP on router B.


ASKER

Here are the running configs that I have. It is ASA A that has gotten a new IP.

Here is some info from the log:

4      Dec 27 2009      07:59:17      713903  IP = 215.145.177.74, Header invalid, missing SA payload! (next payload = 4)
5      Dec 27 2009      07:59:19      713904 IP = 215.145.177.74, Received encrypted packet with no matching SA, dropping
4      Dec 27 2009      07:59:29      713903      Group = 215.145.177.74, IP = 215.145.177.74, Can't find a valid tunnel group, aborting...!
ASA-A.txt
ASA-B.txt
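The three syslog lines above (message IDs 713903 and 713904) are the kind of thing that is worth triaging automatically when a peer changes address. The script below is an added example, not code from this thread or from Cisco: it parses ASA IKE syslog lines in the format quoted above, tags each message with the likely cause discussed in this thread (no tunnel-group for the new peer IP, or a stale SA that needs clearing), and lists every peer IP seen in the log that has no matching tunnel-group name. The sample log is a copy of the three lines posted above; the set of configured tunnel-group peers is constructed (it uses the old peer address mentioned later in the thread) and the cause hints are general ASA troubleshooting advice, not something the original poster wrote.

```python
import re

# Constructed sample: the three syslog lines quoted in this thread.
SAMPLE_SYSLOG = """\
4      Dec 27 2009      07:59:17      713903  IP = 215.145.177.74, Header invalid, missing SA payload! (next payload = 4)
5      Dec 27 2009      07:59:19      713904 IP = 215.145.177.74, Received encrypted packet with no matching SA, dropping
4      Dec 27 2009      07:59:29      713903      Group = 215.145.177.74, IP = 215.145.177.74, Can't find a valid tunnel group, aborting...!
"""

# Constructed: tunnel-groups configured on the ASA that did NOT change IP.
# Tunnel-groups for L2L peers are named after the peer address, so after a
# peer IP change the old name no longer matches anything.
CONFIGURED_TUNNEL_GROUPS = {"62.101.223.50"}

# severity, date, time, six-digit message id, free text
LINE_RE = re.compile(
    r"^(?P<sev>\d)\s+(?P<date>\w{3}\s+\d{1,2}\s+\d{4})\s+(?P<time>\d\d:\d\d:\d\d)"
    r"\s+(?P<msgid>\d{6})\s+(?P<text>.*)$"
)
PEER_RE = re.compile(r"\bIP = (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")

# Message fragment -> (cause tag, what to check). Hints are general ASA
# troubleshooting knowledge matching the advice given in this thread.
CAUSES = (
    ("Can't find a valid tunnel group", "no_tunnel_group",
     "no tunnel-group is named after this peer IP; add one for the new address"),
    ("no matching SA", "stale_sa",
     "peer sends on an SA this side no longer has; clear the IKE/IPsec SAs or reboot"),
    ("missing SA payload", "bad_ike_header",
     "IKE message arrived outside the expected exchange; usually a side effect of stale state"),
)


def parse_line(line):
    """Parse one ASA syslog line; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    peer = PEER_RE.search(rec["text"])
    rec["peer"] = peer.group("ip") if peer else None
    rec["cause"], rec["hint"] = "unclassified", ""
    for fragment, cause, hint in CAUSES:
        if fragment in rec["text"]:
            rec["cause"], rec["hint"] = cause, hint
            break
    return rec


def triage(syslog_text, tunnel_group_peers):
    """Return (parsed records, peer IPs seen in the log with no tunnel-group)."""
    records = [r for r in map(parse_line, syslog_text.splitlines()) if r]
    seen = {r["peer"] for r in records if r["peer"]}
    missing = seen - set(tunnel_group_peers)
    return records, missing


if __name__ == "__main__":
    records, missing = triage(SAMPLE_SYSLOG, CONFIGURED_TUNNEL_GROUPS)
    for r in records:
        print(f"{r['date']} {r['time']} %ASA-{r['sev']}-{r['msgid']} peer={r['peer']} "
              f"cause={r['cause']}: {r['hint']}")
    for ip in sorted(missing):
        print(f"peer {ip} appears in the log but has no tunnel-group named after it")
```

The last check is the one that answers the thread's question directly: the log names the peer address the ASA is hearing from, and if that address is not a tunnel-group name on the box that kept its IP, phase 1 cannot complete no matter what the pre-shared key is.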
Typo in your ASA-A access lists. :) You have 84.* instead of 85.*
 

ASKER

Never mind that, it's just a poor attempt at hiding IP addresses.
Did you reboot after the change? (Both ASAs?)

ASKER

Yes.
ASKER CERTIFIED SOLUTION
rdmlda


ASKER

Cool, how do I change that?

I can't use the no command to remove it? I thought that was only a naming thing and did not refer to an IP address.
clear config tunnel-group 62.101.223.50
As RPPreacher said, in order to eliminate that you need to enter the clear config command, and after that you just need to enter the correct one. Remember that you need to have the same pre-shared key on both devices.

Regards,

ASKER

I have done that now but I'm still unable to connect. I have not made any changes to ASA A.

I still don't know what I need to change there. I have changed the pre-shared key on both locations and I have restarted the boxes.
Once you enter the new tunnel-group you need to shut down the crypto map and re-enable the crypto map, or reboot (which achieves the same thing).
The PSK is key sensitive, so you need to take that into consideration. You can enable debugs to see what the problem is:

   debug crypto isakmp 155
   debug crypto ipsec 155

This can give us a clue of what is going on. This will throw a lot of information; if you can post everything it would be great.

Regards,

ASKER

Debug ipsec does not display anything, but I get this from isakmp.

Dec 28 05:47:24 [IKEv1]: IP = 213.145.177.74, IKE_DECODE RECEIVED Message (msgid=89f1aa33) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Dec 28 05:47:24 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, processing hash payload
Dec 28 05:47:24 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, processing notify payload
Dec 28 05:47:24 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Received keep-alive of type DPD R-U-THERE (seq number 0x7725f067)
Dec 28 05:47:24 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Sending keep-alive of type DPD R-U-THERE-ACK (seq number 0x7725f067)
Dec 28 05:47:24 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, constructing blank hash payload
Dec 28 05:47:24 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, constructing qm hash payload
Dec 28 05:47:24 [IKEv1]: IP = 213.145.177.74, IKE_DECODE SENDING Message (msgid=675132fa) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Dec 28 05:47:34 [IKEv1]: IP = 213.145.177.74, IKE_DECODE RECEIVED Message (msgid=29a9f23f) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Dec 28 05:47:34 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, processing hash payload
Dec 28 05:47:34 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, processing notify payload
Dec 28 05:47:34 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Received keep-alive of type DPD R-U-THERE (seq number 0x7725f068)
Dec 28 05:47:34 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Sending keep-alive of type DPD R-U-THERE-ACK (seq number 0x7725f068)
Dec 28 05:47:34 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, constructing blank hash payload
Dec 28 05:47:34 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, constructing qm hash payload
Dec 28 05:47:34 [IKEv1]: IP = 213.145.177.74, IKE_DECODE SENDING Message (msgid=4567d72b) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Dec 28 05:47:48 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Sending keep-alive of type DPD R-U-THERE (seq number 0x206d52a2)
Dec 28 05:47:48 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, constructing blank hash payload
Dec 28 05:47:48 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, constructing qm hash payload
Dec 28 05:47:48 [IKEv1]: IP = 213.145.177.74, IKE_DECODE SENDING Message (msgid=6a867e72) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Dec 28 05:47:48 [IKEv1]: IP = 213.145.177.74, IKE_DECODE RECEIVED Message (msgid=10bc2df7) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Dec 28 05:47:48 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, processing hash payload
Dec 28 05:47:48 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, processing notify payload
Dec 28 05:47:48 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x206d52a2)
Dec 28 05:47:58 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Sending keep-alive of type DPD R-U-THERE (seq number 0x206d52a3)
Dec 28 05:47:58 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, constructing blank hash payload
Dec 28 05:47:58 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, constructing qm hash payload
Dec 28 05:47:58 [IKEv1]: IP = 213.145.177.74, IKE_DECODE SENDING Message (msgid=1a736217) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Dec 28 05:47:58 [IKEv1]: IP = 213.145.177.74, IKE_DECODE RECEIVED Message (msgid=145261c9) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Dec 28 05:47:58 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, processing hash payload
Dec 28 05:47:58 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, processing notify payload
Dec 28 05:47:58 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x206d52a3)
Dec 28 05:48:08 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Sending keep-alive of type DPD R-U-THERE (seq number 0x206d52a4)
Dec 28 05:48:08 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, constructing blank hash payload
Dec 28 05:48:08 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, constructing qm hash payload
Dec 28 05:48:08 [IKEv1]: IP = 213.145.177.74, IKE_DECODE SENDING Message (msgid=41b2dfa3) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Dec 28 05:48:08 [IKEv1]: IP = 213.145.177.74, IKE_DECODE RECEIVED Message (msgid=80017ea8) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Dec 28 05:48:08 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, processing hash payload
Dec 28 05:48:08 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, processing notify payload
Dec 28 05:48:08 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x206d52a4)

All I see in the debugs are keepalives coming and going; this tells us that the VPN tunnel is up. If you do a "sh crypto isakmp sa" you should see that the tunnel has been created.
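The reason the keepalive traffic above proves the IKE SA is alive is that DPD is a challenge-response exchange: each R-U-THERE carries a sequence number and the peer must echo it back in an R-U-THERE-ACK. The script below is an added example, not code from this thread or from Cisco, that pairs probes with their acknowledgements in both directions from "debug crypto isakmp" output, so that a missing ACK stands out instead of being lost in the noise. The sample debug text is a subset of the lines posted above plus one constructed, deliberately unanswered probe (seq 0x206d52a5) to show what a silent peer looks like.

```python
import re

# Constructed sample: DPD lines taken from the debug posted above, plus one
# final probe (0x206d52a5) that is constructed and never acknowledged.
SAMPLE_DEBUG = """\
Dec 28 05:47:24 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Received keep-alive of type DPD R-U-THERE (seq number 0x7725f067)
Dec 28 05:47:24 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Sending keep-alive of type DPD R-U-THERE-ACK (seq number 0x7725f067)
Dec 28 05:47:48 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Sending keep-alive of type DPD R-U-THERE (seq number 0x206d52a2)
Dec 28 05:47:48 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x206d52a2)
Dec 28 05:47:58 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Sending keep-alive of type DPD R-U-THERE (seq number 0x206d52a3)
Dec 28 05:47:58 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x206d52a3)
Dec 28 05:48:18 [IKEv1 DEBUG]: Group = 213.145.177.74, IP = 213.145.177.74, Sending keep-alive of type DPD R-U-THERE (seq number 0x206d52a5)
"""

DPD_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d) \[IKEv1 DEBUG\]: .*?"
    r"(?P<dir>Sending|Received) keep-alive of type DPD "
    r"(?P<kind>R-U-THERE-ACK|R-U-THERE) \(seq number (?P<seq>0x[0-9a-f]+)\)"
)


def check_dpd(debug_text):
    """Pair DPD probes with ACKs in both directions.

    ours:  probes this ASA sent, keyed by sequence number, until the peer ACKs.
    peers: probes the peer sent, until this ASA sends the ACK.
    """
    ours, peers = {}, {}
    stats = {"our_probes": 0, "our_acked": 0, "peer_probes": 0, "peer_acked": 0}
    for line in debug_text.splitlines():
        m = DPD_RE.search(line)
        if not m:
            continue
        direction, kind, seq, ts = m["dir"], m["kind"], m["seq"], m["ts"]
        if direction == "Sending" and kind == "R-U-THERE":
            ours[seq] = ts
            stats["our_probes"] += 1
        elif direction == "Received" and kind == "R-U-THERE-ACK":
            if ours.pop(seq, None) is not None:   # only count ACKs for probes we saw
                stats["our_acked"] += 1
        elif direction == "Received" and kind == "R-U-THERE":
            peers[seq] = ts
            stats["peer_probes"] += 1
        elif direction == "Sending" and kind == "R-U-THERE-ACK":
            if peers.pop(seq, None) is not None:
                stats["peer_acked"] += 1
    stats["unanswered_ours"] = sorted(ours)    # the peer never answered these
    stats["unanswered_peer"] = sorted(peers)   # we never answered these
    # Any completed exchange in either direction means the IKE SA is live.
    stats["ike_sa_live"] = stats["our_acked"] > 0 or stats["peer_acked"] > 0
    return stats


if __name__ == "__main__":
    s = check_dpd(SAMPLE_DEBUG)
    print(f"IKE SA live: {s['ike_sa_live']}; "
          f"our probes {s['our_acked']}/{s['our_probes']} acked, "
          f"peer probes {s['peer_acked']}/{s['peer_probes']} acked")
    if s["unanswered_ours"]:
        print("probes with no ACK from peer:", ", ".join(s["unanswered_ours"]))
```

A single unanswered probe at the tail of a capture is normally just the one in flight; a run of consecutive unanswered probes is what DPD uses to declare the peer dead and tear the SA down.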


ASKER

ciscoasa(config)# sh crypto isakmp sa

   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer: 213.145.177.74
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE

According to this the tunnel should be up and running, right?

But I'm still unable to ping any host on the inside...
Correct, the VPN is up. Do a "sh crypto ipsec sa" to see the SAs and whether the traffic is reaching the peer device.

Regards,

ASKER

Yes, that's nice, but it does not help me much since I'm not able to ping any hosts :-)

Here is the output

    Crypto map tag: outside_map, seq num: 1, local addr: 84.205.45.74

      access-list outside_1_cryptomap permit ip 192.168.1.0 255.255.255.0 10.10.1.0 255.255.255.0
      local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.10.1.0/255.255.255.0/0/0)
      current_peer: 213.145.177.74

      #pkts encaps: 8640, #pkts encrypt: 8640, #pkts digest: 8640
      #pkts decaps: 9565, #pkts decrypt: 9565, #pkts verify: 9565
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 8640, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 84.205.45.74, remote crypto endpt.: 213.145.177.74

      path mtu 1500, ipsec overhead 58, media mtu 1500
      current outbound spi: 8D2860FD

    inbound esp sas:
      spi: 0xFD31AF72 (4247891826)
         transform: esp-3des esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 8192, crypto-map: outside_map
         sa timing: remaining key lifetime (kB/sec): (3824291/17925)
         IV size: 8 bytes
         replay detection support: Y
    outbound esp sas:
      spi: 0x8D2860FD (2368233725)
         transform: esp-3des esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 8192, crypto-map: outside_map
         sa timing: remaining key lifetime (kB/sec): (3824862/17925)
         IV size: 8 bytes
         replay detection support: Y
From where are you pinging? Because according to the information you posted, the traffic is flowing across the VPN.

      #pkts encaps: 8640, #pkts encrypt: 8640, #pkts digest: 8640
      #pkts decaps: 9565, #pkts decrypt: 9565, #pkts verify: 9565

Encaps is outgoing traffic and decaps is incoming traffic. Make sure you are trying to ping from a computer within the range 192.168.1.0/24 to a computer within the range 10.10.1.0/24.

If you are trying to ping from the ASA, you need to make sure that the management is on the correct interface and that you are sourcing the ping from the correct interface as well.

Regards,
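The reasoning in the reply above (encaps is what this ASA sent into the tunnel, decaps is what it received, and the ping endpoints must fall inside the local and remote identities) can be turned into a check that runs over "show crypto ipsec sa" output. The script below is an added example, not code from this thread or from Cisco: it parses the identity lines and counters from the output posted above, works out whether a given source/destination pair is even matched by the crypto ACL, and, if it is, reports which counter that flow should move on this ASA and whether both directions are carrying traffic. The sample output is the counter section quoted above; the ping addresses are constructed from the subnets in the thread, and the NAT remark in the verdict is general ASA practice rather than something the thread states.

```python
import ipaddress
import re

# Constructed sample: the relevant part of the "show crypto ipsec sa" output
# posted above (local side 192.168.1.0/24, remote side 10.10.1.0/24).
SAMPLE_SA = """\
    Crypto map tag: outside_map, seq num: 1, local addr: 84.205.45.74

      access-list outside_1_cryptomap permit ip 192.168.1.0 255.255.255.0 10.10.1.0 255.255.255.0
      local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.10.1.0/255.255.255.0/0/0)
      current_peer: 213.145.177.74

      #pkts encaps: 8640, #pkts encrypt: 8640, #pkts digest: 8640
      #pkts decaps: 9565, #pkts decrypt: 9565, #pkts verify: 9565
      #send errors: 0, #recv errors: 0
"""

IDENT_RE = re.compile(
    r"(?P<side>local|remote) ident \(addr/mask/prot/port\): \((?P<net>[\d.]+)/(?P<mask>[\d.]+)/"
)
COUNTER_RE = re.compile(r"#(?P<name>pkts encaps|pkts decaps|send errors|recv errors): (?P<val>\d+)")
PEER_RE = re.compile(r"current_peer: (?P<peer>[\d.]+)")


def parse_sa(text):
    """Extract identities, peer and the traffic counters from one SA entry."""
    sa = {"counters": {}}
    for m in IDENT_RE.finditer(text):
        # ipaddress accepts a dotted netmask, so "192.168.1.0/255.255.255.0" -> /24
        sa[m["side"]] = ipaddress.ip_network(f"{m['net']}/{m['mask']}")
    for m in COUNTER_RE.finditer(text):
        sa["counters"][m["name"]] = int(m["val"])
    p = PEER_RE.search(text)
    sa["peer"] = p["peer"] if p else None
    return sa


def diagnose(text, src, dst):
    """Say what a src->dst flow should look like on this ASA's SA."""
    sa = parse_sa(text)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    c = sa["counters"]
    result = {
        "peer": sa["peer"],
        "encaps": c.get("pkts encaps", 0),
        "decaps": c.get("pkts decaps", 0),
        "covered": False,
        "flow": None,
        "verdict": "",
    }
    if src in sa["local"] and dst in sa["remote"]:
        result["covered"], result["flow"] = True, "outbound"   # leaves via encaps
    elif src in sa["remote"] and dst in sa["local"]:
        result["covered"], result["flow"] = True, "inbound"    # arrives via decaps
    else:
        result["verdict"] = ("src/dst pair is not matched by the crypto ACL, "
                             "so it never enters the tunnel")
        return result
    if result["encaps"] == 0 or result["decaps"] == 0:
        stuck = "encaps" if result["encaps"] == 0 else "decaps"
        result["verdict"] = (f"tunnel is up but {stuck} is 0: one direction carries nothing; "
                             "check routing and NAT exemption on the side that is not sending")
    else:
        result["verdict"] = ("both directions carry traffic, so the tunnel is not the problem; "
                             "look at the end hosts (host firewall, ICMP policy)")
    return result


if __name__ == "__main__":
    # Constructed ping: a host on the remote 10.10.1.0/24 side to 192.168.1.2.
    r = diagnose(SAMPLE_SA, "10.10.1.20", "192.168.1.2")
    print(f"flow={r['flow']} covered={r['covered']} encaps={r['encaps']} "
          f"decaps={r['decaps']} peer={r['peer']}")
    print(r["verdict"])
```

Run against the output above with the thread's ping (10.10.1.x to 192.168.1.2), the flow is inbound on this ASA and both counters are well above zero, which is exactly why the reply points away from the VPN and towards the hosts.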

ASKER

I'm trying to ping a server on the 192.168.1.0 network; it has the IP 192.168.1.2.

I'm trying from the 10.10.1.0 network.


ASKER

PS: Not trying from the ASA, trying from a computer on the 10.10.1.0 network.
Have you tried to map a drive or something else besides ICMP?

ASKER

This is what I needed.