Solved

I have 2 ASA5520 x8.0. I want to make a site-to-site VPN but it does not work and there are no isakmp sas

Posted on 2010-08-24
Last Modified: 2012-05-10
I have 2 ASA firewalls and it is not working.
When I run show crypto isakmp sa or show crypto ipsec sa,
this appears: there are no isakmp sas or there are no ipsec sas

and network 10.12.5.0/24 cannot ping or see network 10.12.2.0

Site A

ASA Version 8.0(4)
!
hostname ASA5520
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 20.20.20.2 255.255.255.0
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.12.2.1 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list inside_acl extended permit ip 10.12.2.0 255.255.255.0 any log
access-list outside_acl extended permit ip any any
access-list outside_acl extended permit ah any any
access-list outside_acl extended permit esp any any
access-list outside_acl extended permit gre any any
access-list 100 remark ****** link to ASA mater *******
access-list 100 extended permit ip 10.12.2.0 255.255.255.0 10.12.5.0 255.255.255.0
access-list nonat remark ****** NAT ACL *******
access-list nonat extended permit ip 10.12.2.0 255.255.255.0 10.12.5.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any echo outside
icmp permit any echo-reply outside
icmp permit any inside
icmp permit any echo inside
icmp permit any echo-reply inside
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 10.12.2.0 255.255.255.0
access-group outside_acl in interface outside
access-group inside_acl in interface inside
route outside 0.0.0.0 0.0.0.0 20.20.20.1 1
route outside 80.79.144.11 255.255.255.255 20.20.20.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df outside
crypto dynamic-map dynmap 50 set security-association lifetime seconds 28800
crypto dynamic-map dynmap 50 set security-association lifetime kilobytes 4608000
crypto map newmap 10 set security-association lifetime seconds 28800
crypto map newmap 10 set security-association lifetime kilobytes 4608000
crypto map vpn 10 set security-association lifetime seconds 28800
crypto map vpn 10 set security-association lifetime kilobytes 4608000
crypto map mymap 1 match address 100
crypto map mymap 1 set pfs
crypto map mymap 1 set peer 80.79.144.11
crypto map mymap 1 set security-association lifetime seconds 28800
crypto map mymap 1 set security-association lifetime kilobytes 4608000
crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 15
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
telnet 10.12.2.2 255.255.255.255 inside
telnet 10.12.2.3 255.255.255.255 inside
telnet 192.168.1.2 255.255.255.255 management
telnet timeout 5
ssh 10.12.2.2 255.255.255.255 inside
ssh 10.12.2.3 255.255.255.255 inside
ssh 192.168.1.2 255.255.255.255 management
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username ares password l9QbBieuKYVrSN4I encrypted privilege 15
username admin password eY/fQXw7Ure8Qrz7 encrypted
tunnel-group 80.79.144.11 type ipsec-l2l
tunnel-group 80.79.144.11 general-attributes
tunnel-group 80.79.144.11 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:XXXXXXXXXXXXXXXXX
: end
[OK]

Site B
ASA Version 8.0(4)
!
hostname Local
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 80.79.144.11 255.255.255.0
!
interface Ethernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/2
 nameif inside
 security-level 100
 ip address 10.12.5.1 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
same-security-traffic permit intra-interface
access-list inside_acl extended permit ip 10.12.5.0 255.255.255.0 any log
access-list outside_acl extended permit ip any any
access-list outside_acl extended permit esp any any
access-list outside_acl extended permit ah any any
access-list outside_acl extended permit gre any any
access-list 100 remark ****** link to ASA main *******
access-list 100 extended permit ip 10.12.5.0 255.255.255.0 10.12.2.0 255.255.255.0
access-list nonat remark ****** NAT ACL *******
access-list nonat extended permit ip 10.12.5.0 255.255.255.0 10.12.2.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any echo outside
icmp permit any echo-reply outside
icmp permit any inside
icmp permit any echo inside
icmp permit any echo-reply inside
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 10.12.5.0 255.255.255.0
access-group outside_acl in interface outside
access-group inside_acl in interface inside
route outside 0.0.0.0 0.0.0.0 80.79.144.10 1
route outside 20.20.20.2 255.255.255.255 80.79.144.10 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication telnet console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df outside
crypto map outside_map 10 set security-association lifetime seconds 28800
crypto map outside_map 10 set security-association lifetime kilobytes 4608000
crypto map mymap 1 match address 100
crypto map mymap 1 set pfs
crypto map mymap 1 set peer 20.20.20.2
crypto map mymap 1 set security-association lifetime seconds 28800
crypto map mymap 1 set security-association lifetime kilobytes 4608000
crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 15
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
telnet 80.79.144.13 255.255.255.255 outside
telnet 10.12.5.2 255.255.255.255 inside
telnet 10.12.5.3 255.255.255.255 inside
telnet timeout 5
ssh 80.79.144.13 255.255.255.255 outside
ssh 10.12.5.2 255.255.255.255 inside
ssh 10.12.5.3 255.255.255.255 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username ares password l9QbBieuKYVrSN4I encrypted privilege 15
tunnel-group 20.20.20.2 type ipsec-l2l
tunnel-group 20.20.20.2 general-attributes
tunnel-group 20.20.20.2 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!            
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:cccccccccccccccccccccccccc
 
Local(config)# show crypto isakmp sa

There are no isakmp sas
   
Local(config)# show crypto ipsec sa
There are no ipsec sas
Local(config)#  debug crypto isakmp  
Question by:metaprov
 
LVL 3

Expert Comment

by:darthcontra
ID: 33510181
You will have to add icmp commands to your access lists for ping to work and activate the vpn.
Respectively:
access-list 100 extended permit icmp 10.12.2.0 255.255.255.0 10.12.5.0 255.255.255.0

access-list 100 extended permit icmp 10.12.5.0 255.255.255.0 10.12.2.0 255.255.255.0
 
0
 

Author Comment

by:metaprov
ID: 33510430
It does not work; the VPN does not come up and also network 10.12.5.0 cannot ping 10.12.2.0 or the inverse.

Site A
ASA Version 8.0(4)
!
hostname ASA5520

interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 20.20.20.2 255.255.255.0

interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.12.2.1 255.255.255.0
access-list 100 remark ****** link to ASA mater *******
access-list 100 extended permit ip 10.12.2.0 255.255.255.0 10.12.5.0 255.255.255.0
access-list 100 extended permit icmp 10.12.2.0 255.255.255.0 10.12.5.0 255.255.255.0

Site B
ASA Version 8.0(4)
!
hostname Local
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 80.79.144.11 255.255.255.0
!

interface Ethernet0/2
 nameif inside
 security-level 100
 ip address 10.12.5.1 255.255.255.0
access-list 100 remark ****** link to ASA main *******
access-list 100 extended permit ip 10.12.5.0 255.255.255.0 10.12.2.0 255.255.255.0
access-list 100 extended permit icmp 10.12.5.0 255.255.255.0 10.12.2.0 255.255.255.0
0
 
LVL 14

Accepted Solution

by:
anoopkmr earned 250 total points
ID: 33510854
Try it like this:

SITE A

nat (inside) 0 access-list nonat
policy-map global_policy
 class inspection_default
  inspect icmp

SITE B

policy-map global_policy
 class inspection_default
  inspect icmp
0
 
LVL 3

Expert Comment

by:darthcontra
ID: 33511016
Do you see the connection trying to establish while running the ping?
0
 

Author Comment

by:metaprov
ID: 33511098
The VPN still does not work :-S and networks 10.12.5.0 and 10.12.2.0 cannot reach each other.

Note:
network 10.12.2.0 can ping 80.79.144.10 and gets a reply, but to 10.12.5.0 there is no reply
network 10.12.5.0 can ping 20.20.20.2 and gets a reply, but to 10.12.2.0 there is no reply

Site A config
ASA Version 8.0(4)
!
hostname ASA5520
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 20.20.20.2 255.255.255.0
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.12.2.1 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list inside_acl extended permit ip 10.12.2.0 255.255.255.0 any log
access-list outside_acl extended permit ip any any
access-list outside_acl extended permit ah any any
access-list outside_acl extended permit esp any any
access-list outside_acl extended permit gre any any
access-list 100 remark ****** link to ASA mater *******
access-list 100 extended permit ip 10.12.2.0 255.255.255.0 10.12.5.0 255.255.255.0
access-list 100 extended permit icmp 10.12.2.0 255.255.255.0 10.12.5.0 255.255.255.0
access-list nonat remark ****** NAT ACL *******
access-list nonat extended permit ip 10.12.2.0 255.255.255.0 10.12.5.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any echo outside
icmp permit any echo-reply outside
icmp permit any inside
icmp permit any echo inside
icmp permit any echo-reply inside
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 10.12.2.0 255.255.255.0
access-group outside_acl in interface outside
access-group inside_acl in interface inside
route outside 0.0.0.0 0.0.0.0 20.20.20.1 1
route outside 80.79.144.11 255.255.255.255 20.20.20.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df outside
crypto dynamic-map dynmap 50 set security-association lifetime seconds 28800
crypto dynamic-map dynmap 50 set security-association lifetime kilobytes 4608000
crypto map newmap 10 set security-association lifetime seconds 28800
crypto map newmap 10 set security-association lifetime kilobytes 4608000
crypto map vpn 10 set security-association lifetime seconds 28800
crypto map vpn 10 set security-association lifetime kilobytes 4608000
crypto map mymap 1 match address 100
crypto map mymap 1 set pfs
crypto map mymap 1 set peer 80.79.144.11
crypto map mymap 1 set security-association lifetime seconds 28800
crypto map mymap 1 set security-association lifetime kilobytes 4608000
crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 15
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
telnet 10.12.2.2 255.255.255.255 inside
telnet 10.12.2.3 255.255.255.255 inside
telnet 192.168.1.2 255.255.255.255 management
telnet timeout 5
ssh 10.12.2.2 255.255.255.255 inside
ssh 10.12.2.3 255.255.255.255 inside
ssh 192.168.1.2 255.255.255.255 management
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username ares password l9QbBieuKYVrSN4I encrypted privilege 15
username admin password eY/fQXw7Ure8Qrz7 encrypted
tunnel-group 80.79.144.11 type ipsec-l2l
tunnel-group 80.79.144.11 general-attributes
tunnel-group 80.79.144.11 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:cxxxxxxxxxxxxxxxxxxx
: end


Site B
Local> ena
Password:
Local#
Local# conf t
Local(config)# wr t
: Saved
:
ASA Version 8.0(4)
!
hostname Local
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 80.79.144.11 255.255.255.0
!
interface Ethernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/2
 nameif inside
 security-level 100
 ip address 10.12.5.1 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
same-security-traffic permit intra-interface
access-list inside_acl extended permit ip 10.12.5.0 255.255.255.0 any log
access-list outside_acl extended permit ip any any
access-list outside_acl extended permit esp any any
access-list outside_acl extended permit ah any any
access-list outside_acl extended permit gre any any
access-list 100 remark ****** link to ASA main *******
access-list 100 extended permit ip 10.12.5.0 255.255.255.0 10.12.2.0 255.255.255.0
access-list 100 extended permit icmp 10.12.5.0 255.255.255.0 10.12.2.0 255.255.255.0
access-list nonat remark ****** NAT ACL *******
access-list nonat extended permit ip 10.12.5.0 255.255.255.0 10.12.2.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any echo outside
icmp permit any echo-reply outside
icmp permit any inside
icmp permit any echo inside
icmp permit any echo-reply inside
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 10.12.5.0 255.255.255.0
access-group outside_acl in interface outside
access-group inside_acl in interface inside
route outside 0.0.0.0 0.0.0.0 80.79.144.10 1
route outside 20.20.20.2 255.255.255.255 80.79.144.10 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication telnet console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df outside
crypto map outside_map 10 set security-association lifetime seconds 28800
crypto map outside_map 10 set security-association lifetime kilobytes 4608000
crypto map mymap 1 match address 100
crypto map mymap 1 set pfs
crypto map mymap 1 set peer 20.20.20.2
crypto map mymap 1 set security-association lifetime seconds 28800
crypto map mymap 1 set security-association lifetime kilobytes 4608000
crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 15
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
telnet 80.79.144.13 255.255.255.255 outside
telnet 10.12.5.2 255.255.255.255 inside
telnet 10.12.5.3 255.255.255.255 inside
telnet timeout 5
ssh 80.79.144.13 255.255.255.255 outside
ssh 10.12.5.2 255.255.255.255 inside
ssh 10.12.5.3 255.255.255.255 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username ares password l9QbBieuKYVrSN4I encrypted privilege 15
tunnel-group 20.20.20.2 type ipsec-l2l
tunnel-group 20.20.20.2 general-attributes
tunnel-group 20.20.20.2 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
  inspect icmp
!
service-policy global_policy global
prompt hostname context
0
 
LVL 3

Assisted Solution

by:darthcontra
darthcontra earned 250 total points
ID: 33511332
Add this to both firewalls:

crypto map mymap 1 set transform-set myset
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33511988
Yes, I missed the above command; you should add this on both firewalls:

crypto map mymap 1 set transform-set myset
0
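The two fixes given in this thread (the `nat (inside) 0 access-list nonat` exemption and the `set transform-set` line on the crypto map) can be checked mechanically against a saved running-config. The Python below is an added example, not code from any poster; `find`, `audit_l2l` and the sample strings are hypothetical names, the excerpt is constructed from the Site A config posted above, and the NAT check is a simplification that compares `permit ip` rules by exact text.

```python
import re

# Constructed excerpt: tunnel-related lines of the Site A config as first posted.
SITE_A_BEFORE = """\
access-list 100 extended permit ip 10.12.2.0 255.255.255.0 10.12.5.0 255.255.255.0
access-list nonat extended permit ip 10.12.2.0 255.255.255.0 10.12.5.0 255.255.255.0
nat (inside) 1 10.12.2.0 255.255.255.0
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map mymap 1 match address 100
crypto map mymap 1 set pfs
crypto map mymap 1 set peer 80.79.144.11
crypto map mymap interface outside
crypto isakmp enable outside
tunnel-group 80.79.144.11 type ipsec-l2l
"""

# The same excerpt with the two commands given in the answers appended.
SITE_A_AFTER = SITE_A_BEFORE + """\
nat (inside) 0 access-list nonat
crypto map mymap 1 set transform-set myset
"""


def find(pattern, config):
    """All matches of a line-anchored pattern in the config text."""
    return re.findall(pattern, config, re.M)


def audit_l2l(config):
    """Hypothetical helper: list what each applied crypto map entry is missing."""
    transform_sets = set(find(r"^crypto ipsec transform-set (\S+) ", config))
    l2l_peers = set(find(r"^tunnel-group (\S+) type ipsec-l2l", config))
    isakmp_ifs = set(find(r"^crypto isakmp enable (\S+)", config))
    bound = dict(find(r"^crypto map (\S+) interface (\S+)", config))
    nat0_acls = set(find(r"^nat \(\S+\) 0 access-list (\S+)", config))

    # ACL name -> set of "src mask dst mask" strings taken from its permit ip lines
    acls = {}
    for name, rule in find(r"^access-list (\S+) extended permit ip (.+)$", config):
        acls.setdefault(name, set()).add(rule.strip())
    exempt = set().union(*(acls.get(a, set()) for a in nat0_acls))

    # (map name, sequence) -> {"match address": acl, "set peer": ip, ...}
    entries = {}
    for name, seq, key, val in find(
            r"^crypto map (\S+) (\d+) (match address|set peer|set transform-set) (\S+)",
            config):
        entries.setdefault((name, int(seq)), {})[key] = val

    findings = []
    for (name, seq), e in sorted(entries.items()):
        if name not in bound:
            continue  # crypto map is not applied to any interface
        tag = f"crypto map {name} {seq}"
        if bound[name] not in isakmp_ifs:
            findings.append(f"{tag}: ISAKMP not enabled on {bound[name]}")
        ts = e.get("set transform-set")
        if ts is None:
            findings.append(f"{tag}: no transform-set (entry incomplete)")
        elif ts not in transform_sets:
            findings.append(f"{tag}: transform-set {ts} is not defined")
        peer = e.get("set peer")
        if peer is None:
            findings.append(f"{tag}: no peer")
        elif peer not in l2l_peers:
            findings.append(f"{tag}: no ipsec-l2l tunnel-group for {peer}")
        acl = e.get("match address")
        if acl is None or acl not in acls:
            findings.append(f"{tag}: match address ACL missing or undefined")
        else:
            for rule in sorted(acls[acl] - exempt):
                findings.append(f"{tag}: {rule} not exempted by any nat 0 ACL")
    return findings
```

The check covers completeness only; it does not evaluate the strength of the posted 3DES, MD5 and DH group 2 settings.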
 

Author Comment

by:metaprov
ID: 33518908
Thanks a lot, solved.
0
 

Author Comment

by:metaprov
ID: 33519976
ewr
0
 

Author Comment

by:metaprov
ID: 33520015
Thanks a lot.
0
 
LVL 3

Expert Comment

by:darthcontra
ID: 33520730
Points?
0
 

Author Comment

by:metaprov
ID: 33521826
That solved my problem, thanks again.
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33521914
please assign the points
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33531266
0
 
LVL 3

Expert Comment

by:darthcontra
ID: 33532367
0
 

Author Closing Comment

by:metaprov
ID: 33542174
aaa
0

Question has a verified solution.