
Site to Site VPN Cisco ASA and Cisco Router

Techrunner asked on
Hello Experts,
I have configured a site-to-site IPSec VPN between our Cisco ASA and Cisco router. The VPN is up, but I cannot ping devices at either site from the other. I don't know what's wrong with the configuration. I have Remote Access VPN configured on our ASA for Cisco AnyConnect and Cisco VPN Client.


Router Configuration

hostname Router
!

!
!
ip cef
!
!
!
username admin privilege 15 password 0 come$takeit
!
!
crypto isakmp policy 2
 encr aes
 authentication pre-share
crypto isakmp key cisco123 address 1.1.1.1
!
!
crypto ipsec transform-set test esp-aes esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to1.1.1.1
 set peer 1.1.1.1
 set transform-set test
 match address 100
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 192.168.16.8 255.255.252.0
 ip nat inside
 ip virtual-reassembly
!
interface Dialer1
 ip address negotiated
 ip access-group 101 out
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname **************
 ppp chap password 7 ************************
 ppp pap sent-username ********************************
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map SDM_CMAP_1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
!
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.16.0 0.0.3.255 10.1.2.0 0.0.0.255
access-list 101 remark SDM_ACL Category=19
access-list 101 remark IPSec Rule
access-list 101 deny   ip 192.168.16.0 0.0.3.255 10.1.2.0 0.0.0.255
access-list 101 permit ip 192.168.16.0 0.0.3.255 any
route-map SDM_RMAP_1 permit 1
 match ip address 101
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login local
!
scheduler max-task-time 5000
end


ASA Configuration

      access-list Outside_1_cryptomap line 1 extended permit ip 10.1.2.0 255.255.255.0 192.168.16.0 255.255.252.0
      tunnel-group 2.2.2.2 type ipsec-l2l
      tunnel-group 2.2.2.2 ipsec-attributes
        pre-shared-key **********
        isakmp keepalive threshold 10 retry 2
      crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
      crypto map Outside_map 1 match address Outside_1_cryptomap
      crypto map Outside_map 1 set  peer  2.2.2.2
      crypto map Outside_map 1 set  transform-set  ESP-AES-128-SHA


Any help please?

Thanks
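
An added example, not part of the original post: a short Python check that the two crypto ACLs quoted above select mirror-image traffic, accounting for the router's wildcard masks versus the ASA's netmasks. It assumes each entry has the form `permit ip <net> <mask> <net> <mask>`; the function names are hypothetical.

```python
import ipaddress
import re

# Crypto ACL lines copied from the two configurations in the post.
ROUTER_ACL = "access-list 100 permit ip 192.168.16.0 0.0.3.255 10.1.2.0 0.0.0.255"
ASA_ACL = ("access-list Outside_1_cryptomap line 1 extended permit ip "
           "10.1.2.0 255.255.255.0 192.168.16.0 255.255.252.0")

QUAD = r"(\d+\.\d+\.\d+\.\d+)"
ENTRY = re.compile(rf"permit ip {QUAD} {QUAD} {QUAD} {QUAD}\s*$")


def parse_selector(line, wildcard):
    """Return (source, destination) networks from a 'permit ip' ACL entry.

    wildcard=True  -> IOS router syntax (inverse masks such as 0.0.3.255)
    wildcard=False -> ASA syntax (netmasks such as 255.255.252.0)
    """
    m = ENTRY.search(line)
    if not m:
        raise ValueError(f"unsupported ACL entry: {line!r}")
    src, smask, dst, dmask = m.groups()

    def net(addr, mask):
        bits = int(ipaddress.IPv4Address(mask))
        if wildcard:
            bits ^= 0xFFFFFFFF  # invert the wildcard into a netmask
        netmask = ipaddress.IPv4Address(bits)
        # strict=True rejects host bits set in addr; a non-contiguous
        # mask is rejected as an invalid netmask (ValueError).
        return ipaddress.ip_network(f"{addr}/{netmask}", strict=True)

    return net(src, smask), net(dst, dmask)


def is_mirrored(router_line, asa_line):
    """True when the router's source/destination equal the ASA's destination/source."""
    r_src, r_dst = parse_selector(router_line, wildcard=True)
    a_src, a_dst = parse_selector(asa_line, wildcard=False)
    return (r_src, r_dst) == (a_dst, a_src)


if __name__ == "__main__":
    print("router:", parse_selector(ROUTER_ACL, wildcard=True))
    print("asa:   ", parse_selector(ASA_ACL, wildcard=False))
    print("mirrored:", is_mirrored(ROUTER_ACL, ASA_ACL))
```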