Spt_Us
asked on
VPN Not Completing Phase 2
Need Assistance troubleshooting Phase 2 of VPN; doesn't look like it's completing the Phase. It does state on the ASA that it completes Phase 1, but reviewing the attached screenshot (minus IPs) Phase 2 is having issues.
Direction:
Pinging Internal Network from external Firewall through VPN (using internal network IPs)
THANKS
VPN-Log.jpg
Check the ACL which defines the subnets allowed at the local and remote end of the VPN.
ASKER
Thanks; I did that and it seems to have been the issue, i.e. I am allowing icmp, tcp, ip, udp. Question is: this is a site-to-site; the other side needs to access files, application and domain on this side. I do not see the 'errors' that I was seeing prior; what's my next step? Do I need to NAT or forward the address / VPN to a certain 'server' for this?
If you have a site-to-site there's pure routing, so no NAT required. If the ACL is permitting IP traffic each way you should be fine.
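The ACL check suggested in the answers above can be done offline by comparing both peers' crypto ACLs; this is an added example, not part of the original thread. It flags any `permit ip` entry on one side that has no exact source/destination-swapped counterpart on the other. The ACL names and the 10.x addresses are constructed sample values.

```python
import ipaddress

# Constructed sample configs (RFC 1918 addresses; ACL names are hypothetical).
SITE_A = """\
access-list VPN_TO_B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN_TO_B extended permit ip 10.1.0.0 255.255.255.0 host 10.2.5.10
"""
SITE_B = """\
access-list VPN_TO_A extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list VPN_TO_A extended permit ip 10.2.5.0 255.255.255.0 10.1.0.0 255.255.255.0
"""

def _take_net(tokens):
    """Consume one address spec ('host A', 'any', or 'NET MASK') from tokens."""
    first = tokens.pop(0)
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if first in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_crypto_acl(text):
    """Return a set of (source, destination) networks from 'permit ip' entries."""
    pairs = set()
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"] or tokens[2:5] != ["extended", "permit", "ip"]:
            continue
        rest = tokens[5:]
        src = _take_net(rest)
        dst = _take_net(rest)
        pairs.add((src, dst))
    return pairs

def unmirrored(local_text, remote_text):
    """Entries on either side with no exact swapped counterpart on the peer."""
    local, remote = parse_crypto_acl(local_text), parse_crypto_acl(remote_text)
    mirror = {(d, s) for s, d in remote}  # peer entries seen from the local side
    missing_on_remote = sorted(local - mirror, key=str)
    missing_on_local = sorted(mirror - local, key=str)
    return missing_on_remote, missing_on_local

if __name__ == "__main__":
    on_remote, on_local = unmirrored(SITE_A, SITE_B)
    for s, d in on_remote:
        print(f"site A has {s} -> {d}; site B lacks {d} -> {s}")
    for s, d in on_local:
        print(f"site B has {d} -> {s}; site A lacks {s} -> {d}")
```

In the sample, site A narrows one entry to a single host while site B still lists the whole /24, so both entries are reported; tightening access to specific servers has to be done identically on both peers.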
ASKER
Right now I am routing to .0 for networks; do I need to route to static IPs on servers since they (the site) only need access to certain things? I appreciate the help; this has been so helpful.