• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 413
  • Last Modified:

VPN Site to site

Dear experts

Im having problem with site to site VPN connection IPsec. site A to B

This is a Cisco ASA 5505 im using and after I added connection peer ip as site B in A connection profile, and same encrypion algorithms, and also with NAT rules that allow site B to A, and did the same thing with B, the connection didnt get through... The VPN monitor shows connection: 0 in both site... I didnt also recieve anything error from the log and nothing happens... I dont know why tho, anyone know what is this kind of problem?

ASA: 8.2.(3)
ADSM: 6.3(4)53

Thx for your time.
 
0
Handersson75
Asked:
Handersson75
  • 3
  • 3
2 Solutions
 
Ernie BeekExpertCommented:
Did you also add a rule that matched the traffic that needs to go through the tunnel?
0
 
John MeggersNetwork ArchitectCommented:
First things first -- check your ACLs on both ends of the tunnel to make sure they're mirror images of each other (source A to dest B on one end and source B to dest A on the other end).  Second, have you generated traffic to bring the VPN tunnel up?  

If you have done that, and the VPN should be active, get on the command line and "debug crypto isakmp" to see whether an ISAKMP association is forming.  If that's complete, when you do "show crypto isakmp sa" you should see a listing for the peering showing QM_IDLE as the status.  If you don't see that, something's happening that's causing Phase 1 to fail.  

If you do, then you need to look at "show crypto ipsec sa" to see if traffic is being encrypted.
0
 
Handersson75Author Commented:
i got respond there are no isakmp sas... when i wrote it in CLI
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Ernie BeekExpertCommented:
It might be handy if you post your sanitized configs here. I think that way its easier for us to help you.
0
 
Handersson75Author Commented:
Problem solved, it was my stupid misstake, I forgot to add the crypto mapp in the site to site, now its working, I will give the points tho to you guys that try to help me with this.

Thank you very much.
0
 
Handersson75Author Commented:
Find the problem.
0
 
Ernie BeekExpertCommented:
Well Thx for the points, good you found it :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now