troubleshooting Question

Site to Site VPN Cisco ASA and Cisco Router

Avatar of Techrunner
Techrunner asked on
6 Comments1 Solution2759 ViewsLast Modified:
Hello Experts,
I have configured  Site to Site IPSec VPN between our Cisco ASA and Cisco Router. The VPN is up but I cannot ping the devices each other from both sites. I dont know what's wrong with the configuration I have Remote Access VPN configured on our ASA for Cisco Anyconnect and Cisco VPN Client

Router Configuration

hostname Router

ip cef
username admin privilege 15 password 0 come$takeit
crypto isakmp policy 2
 encr aes
 authentication pre-share
crypto isakmp key cisco123 address
crypto ipsec transform-set test esp-aes esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to1.1.1.1
 set peer
 set transform-set test
 match address 100
 log config
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
  pppoe-client dial-pool-number 1
 dsl operating-mode auto
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Vlan1
 ip address
 ip nat inside
 ip virtual-reassembly
interface Dialer1
 ip address negotiated
 ip access-group 101 out
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname **************
 ppp chap password 7 ************************
 ppp pap sent-username ********************************
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map SDM_CMAP_1
ip forward-protocol nd
ip route Dialer1
no ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip
access-list 101 remark SDM_ACL Category=19
access-list 101 remark IPSec Rule
access-list 101 deny   ip
access-list 101 permit ip any
route-map SDM_RMAP_1 permit 1
 match ip address 101
line con 0
 no modem enable
line aux 0
line vty 0 4
 login local
scheduler max-task-time 5000

ASA Configuration

      access-list Outside_1_cryptomap line 1 extended permit ip
      tunnel-group type ipsec-l2l
      tunnel-group ipsec-attributes
        pre-shared-key **********
        isakmp keepalive threshold 10 retry 2
      crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
      crypto map Outside_map 1 match address Outside_1_cryptomap
      crypto map Outside_map 1 set  peer
      crypto map Outside_map 1 set  transform-set  ESP-AES-128-SHA

Any help please?

Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 6 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros