i have configured the site to site vpn between ASA 5510 and 5505. VPN is established but i can't access the resources. i have two subnet on ASA 5510, one is 192.168.x.x and other 172.16.x.x. i can access every thing from 192.168.x.x subnet but not from 172.16.x.x subnet. i have only one subnet on ASA 5505 that is 172.17.x.x. they can access the subnet 192.168.x.x but not the 172.16.x.x subnet. previously it worked fine but now we have problem. we have not changed anything.
i verified the all configuration on both sides and it look like fine. i checked the access lists, nat, etc. i also tested with bulletin cisco packet tracer and it is showing everything fine. i have also other branch offices and everything working fine there.
please guide me, how i can troubleshoot and solve this problem?
Thanks in advance
make sure you the networks are listed and enc and decry packets are incrementing. You can do a source ping to generate traffic:
ping 172.16.0.1 source 172.17.24.1
That will tell you if the traffic is leaving the device.
0
Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.
On the "sh cry ips sa" output did the networks look right?
Make sure that you have a "nonat" rule built so that traffic going over the VPN is not being NATed otherwise it will not match the selector and therefore not get sent over the tunnel.
Can you attach a copy of the config?
0
techniasupportAuthor Commented:
firewall chche the wrong crypto information. after reboot the firewall, problem is solved
0
techniasupportAuthor Commented:
Solution was not completed.
0
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!