Spt_Us

asked on

VPN Not Completing Phase 2

Need assistance troubleshooting Phase 2 of VPN; it doesn't look like it's completing the phase. It does state on the ASA that it completes Phase 1, but reviewing the attached screenshot (minus IPs), Phase 2 is having issues.

Direction:
Pinging internal network from external firewall through VPN (using internal network IPs)

THANKS
VPN-Log.jpg
Craig Beck

Check the ACL which defines the subnets allowed at the local and remote end of the VPN.
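One way to run the check suggested above, as an added example that is not part of the original thread: it compares the crypto ACL on each peer and reports entries with no exact mirror on the other side. It assumes ASA-style `access-list ... extended permit ip` lines; the configs, ACL names and addresses are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample configs; ACL names and RFC 1918 addresses are placeholders.
SITE_A = """
access-list VPN_TO_B extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list VPN_TO_B extended permit ip host 10.1.1.10 10.2.3.0 255.255.255.0
"""
SITE_B = """
access-list VPN_TO_A extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list VPN_TO_A extended permit ip 10.2.3.0 255.255.255.0 10.1.1.0 255.255.255.0
"""

ACE = re.compile(r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+(.+)$")

def _take_network(tokens):
    """Consume one ASA address spec: 'any', 'host A.B.C.D' or 'net mask'."""
    head = tokens.pop(0)
    if head in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def selectors(config, acl_name):
    """Return the set of (local, remote) networks permitted by one crypto ACL."""
    pairs = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == acl_name:
            tokens = m.group(2).split()
            src = _take_network(tokens)
            dst = _take_network(tokens)
            pairs.add((src, dst))
    return pairs

def mirror_mismatches(cfg_a, acl_a, cfg_b, acl_b):
    """Selectors on one peer with no exact mirror on the other, in site A's view."""
    a, b = selectors(cfg_a, acl_a), selectors(cfg_b, acl_b)
    flipped_b = {(dst, src) for src, dst in b}
    return sorted(a - flipped_b, key=str), sorted(flipped_b - a, key=str)

if __name__ == "__main__":
    only_a, only_b = mirror_mismatches(SITE_A, "VPN_TO_B", SITE_B, "VPN_TO_A")
    for src, dst in only_a:
        print(f"site A: {src} -> {dst} has no mirror on site B")
    for src, dst in only_b:
        print(f"site B: {dst} -> {src} has no mirror on site A")
```

In the sample, site A narrows one entry to a single host while site B still lists the whole subnet, so both sides report an unmatched entry.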
Spt_Us

ASKER

Thanks; I did that and it seems to have been the issue, i.e. I am allowing icmp, tcp, ip, udp. Question is: this is a site-to-site; the other side needs to access files, applications and the domain on this side. I do not see the 'errors' that I was seeing prior; what's my next step? Do I need to NAT or forward the address / VPN to a certain 'server' for this?
If you have a site-to-site there's pure routing, so no NAT required.  If the ACL is permitting IP traffic each way you should be fine.
Spt_Us

ASKER

Right now I am routing to .0 for networks; do I need to route to static IPs on servers since they (the site) only need access to certain things? I appreciate the help; this has been so helpful.
ASKER CERTIFIED SOLUTION
Craig Beck