• Status: Solved

VPN Not Completing Phase 2

Need assistance troubleshooting Phase 2 of the VPN; it doesn't look like it's completing the phase. It does state on the ASA that it completes Phase 1, but reviewing the attached screenshot (minus IPs), Phase 2 is having issues.

Direction:
Pinging the internal network from the external firewall through the VPN (using internal network IPs)

THANKS
VPN-Log.jpg
Asked by: Spt_Us
1 Solution
 
Craig Beck Commented:
Check the ACL which defines the subnets allowed at the local and remote end of the VPN.
0
 
Spt_Us (Author) Commented:
Thanks; I did that and it seems to have been the issue, i.e. I am allowing icmp, tcp, ip, udp. Question is: this is a site-to-site; the other side needs to access files, applications and the domain on this side. I do not see the 'errors' that I was seeing prior; what's my next step? Do I need to NAT or forward the address / VPN to a certain 'server' for this?
0
 
Craig Beck Commented:
If you have a site-to-site there's pure routing, so no NAT required. If the ACL is permitting IP traffic each way you should be fine.
0
 
Spt_Us (Author) Commented:
Right now I am routing to .0 for networks; do I need to route to static IPs on servers since they (the site) only need access to certain things... I appreciate the help; this has been so helpful.
0
 
Craig Beck Commented:
If the server at site A uses the router at site A as its default gateway, and the clients at site B use the router at site B as their default gateway it should all just work.
0
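The ACL check suggested in the thread can be automated. The following is an added example, not code from any poster: it parses ASA-style `access-list ... extended permit ip` lines from both peers and reports entries that have no reversed (destination, source) twin on the other side, a mismatch that commonly stops Phase 2 from completing. The ACL names and RFC 1918 subnets are constructed sample values.

```python
import ipaddress
import re

# Matches: access-list NAME extended permit ip SRC_NET SRC_MASK DST_NET DST_MASK
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s*$"
)

def parse_crypto_acl(config, acl_name):
    """Return the set of (source, destination) networks permitted by acl_name."""
    pairs = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == acl_name:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            pairs.add((src, dst))
    return pairs

def mirror_mismatches(site_a, site_b):
    """List entries that lack a reversed (dst, src) twin on the other peer."""
    expected_on_b = {(dst, src) for src, dst in site_a}
    expected_on_a = {(dst, src) for src, dst in site_b}
    return {
        "missing_on_b": sorted(expected_on_b - site_b),
        "missing_on_a": sorted(expected_on_a - site_a),
    }

# Constructed sample configs (hypothetical ACL names and subnets).
SITE_A = """
access-list VPN_TO_B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
"""
# Site B declares its local subnet as a /16, so it does not mirror site A's /24.
SITE_B_BROKEN = """
access-list VPN_TO_A extended permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.255.0
"""
SITE_B_FIXED = """
access-list VPN_TO_A extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
"""

if __name__ == "__main__":
    a = parse_crypto_acl(SITE_A, "VPN_TO_B")
    print(mirror_mismatches(a, parse_crypto_acl(SITE_B_BROKEN, "VPN_TO_A")))
    print(mirror_mismatches(a, parse_crypto_acl(SITE_B_FIXED, "VPN_TO_A")))
```

Narrowing the permitted subnets to specific server addresses works the same way, provided the entries are changed on both peers so they stay mirrored.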
