Cisco L2L VPN

Posted on 2013-09-12
Medium Priority
Last Modified: 2013-10-13
Good day All,
I have a slight problem that I am trying to resolve. I have an ASA which is being used to provide VPN. The existing config has remote access tunnels authenticated via digital certificate and a LAN-to-LAN tunnel, which are being terminated on the internal interface of the ASA. I now need to create a DMZ interface that will also be the terminating interface for another L2L tunnel. My problem is that the tunnel is established for the DMZ and I can see data being transmitted and received when I look at the VPN tunnels under Monitor; however, I can't ping devices across the tunnel between the DMZ and the remote site. Please find attached the config on the device and a drawing with the logical setup.
Question by:operationsbze

Author Comment

ID: 39488713
Lots of views but no responses.

Expert Comment

ID: 39497208
access-list Outside_nat0_outbound extended permit ip object-group Maskall-RTAC

The above shouldn't be needed, and could possibly be causing your problem if this affects the RPF check. You should only need the nat 0 on the "inside" interface, which for this scenario is Systemplanning.

Also, you have NAT-T disabled on that crypto map. Although this isn't necessarily a problem, just make sure that's what you really want.

This is tough to troubleshoot because you can only use packet-tracer in one direction. Would you be able to post the packet-tracer output for traffic going from Systemplanning to RTAC?

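The two points raised in the comment above (an identity-NAT ACL bound to an interface other than the tunnel's inside interface, and nat-t-disable on the crypto map entry) are easy to miss in a long running-config. The following is an added example, not code from the thread or from Cisco: a small Python check that scans pre-8.3-style ASA config text for `nat (iface) 0 access-list ...` statements on any interface other than the one you designate as inside, and for `crypto map ... set nat-t-disable`. The sample config lines embedded in it are constructed for the example; the interface names Systemplanning and Outside come from the thread, but the ACL contents, peer address and transform set are assumed.

```python
import re
from typing import Dict, List

# Constructed sample in ASA pre-8.3 NAT syntax. Interface names follow the thread;
# every address, object and crypto map value here is assumed for the example.
SAMPLE_CONFIG = """\
access-list Systemplanning_nat0_outbound extended permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0
access-list Outside_nat0_outbound extended permit ip object-group Maskall-RTAC 10.20.20.0 255.255.255.0
nat (Systemplanning) 0 access-list Systemplanning_nat0_outbound
nat (Outside) 0 access-list Outside_nat0_outbound
crypto map Outside_map 1 match address Outside_cryptomap
crypto map Outside_map 1 set peer 203.0.113.10
crypto map Outside_map 1 set transform-set ESP-AES-128-SHA
crypto map Outside_map 1 set nat-t-disable
crypto map Outside_map interface Outside
"""

# "nat (<iface>) 0 access-list <acl>" is the pre-8.3 identity-NAT exemption.
NAT0_RE = re.compile(r"^nat \((?P<iface>[^)]+)\) 0 access-list (?P<acl>\S+)$")
# "crypto map <name> <seq> set nat-t-disable" turns off NAT traversal for one entry.
NATT_RE = re.compile(r"^crypto map (?P<map>\S+) (?P<seq>\d+) set nat-t-disable$")


def find_nat0(config: str) -> Dict[str, str]:
    """Return {interface: acl_name} for every nat 0 access-list statement."""
    found: Dict[str, str] = {}
    for line in config.splitlines():
        m = NAT0_RE.match(line.strip())
        if m:
            found[m.group("iface")] = m.group("acl")
    return found


def stray_nat0(config: str, inside_iface: str) -> List[str]:
    """Interfaces other than the designated inside interface that carry a nat 0 ACL."""
    return sorted(i for i in find_nat0(config) if i != inside_iface)


def nat_t_disabled(config: str) -> List[str]:
    """'map:seq' for every crypto map entry with nat-t-disable set."""
    entries: List[str] = []
    for line in config.splitlines():
        m = NATT_RE.match(line.strip())
        if m:
            entries.append(f"{m.group('map')}:{m.group('seq')}")
    return entries


def review(config: str, inside_iface: str) -> List[str]:
    """Human-readable findings for the two conditions discussed in the thread."""
    findings: List[str] = []
    acls = find_nat0(config)
    for iface in stray_nat0(config, inside_iface):
        findings.append(
            f"nat 0 bound to '{iface}' (ACL {acls[iface]}): identity NAT is only "
            f"expected on '{inside_iface}'; remove it and re-test the tunnel"
        )
    for entry in nat_t_disabled(config):
        findings.append(
            f"crypto map {entry} sets nat-t-disable: confirm no NAT device sits "
            f"between the peers, otherwise ESP will not traverse it"
        )
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_CONFIG, "Systemplanning"):
        print(finding)
```

Run it against `show running-config` output saved to a file by reading the file into `review()` instead of `SAMPLE_CONFIG`. To get the one-direction packet-tracer output the comment asks for, an ICMP echo from an assumed Systemplanning host 10.10.10.5 to an assumed RTAC host 10.20.20.5 would be `packet-tracer input Systemplanning icmp 10.10.10.5 8 0 10.20.20.5 detailed`; the NAT and VPN phases in that output show whether the nat 0 exemption and the crypto map are matching the flow.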
Author Comment

ID: 39497759
Thanks for the response Rauenpc. I've tried the tunnel without that ACL entry and it didn't make a difference, but I will remove it just to be on the safe side. I had to disable NAT-T because the tunnel refused to come up if I enabled that functionality. I am trying to connect a Cisco ASA and an OnCell 3150, but it doesn't seem to be going my way at the moment.

Accepted Solution

operationsbze earned 0 total points
ID: 39556323
OK, found the issue. The configuration was correct; however, the remote device is running off an EDGE network that is very slow and giving a lot of retransmissions, 4 for every legit packet, so that is basically unusable.

Author Closing Comment

ID: 39569023
Because no other user provided a solution that worked, and as such I had to do the research on my own to find the problem.
