Solved

Tunnel phase 2 question

Posted on 2015-02-18
6
124 Views
Last Modified: 2015-02-18
2015-02-18-9-06-46.jpg

What might be the issue when phase 1 and 2 is up but I cannot ping the subnet of the peer but the pkts encaps are growing when I ping the subnet and pkts decaps are staying the same. decapsulation seems like it's not happening?
0
Comment
Question by:Shark Attack
  • 3
  • 3
6 Comments
 
LVL 93

Accepted Solution

by:
John Hurst earned 500 total points
ID: 40616768
What might be the issue when phase 1 and 2 is up but I cannot ping the subnet of the peer

Are the two ends of the tunnel on the same subnet?  That will cause what you see.

What answer do you get when you run PING?
0
 
LVL 3

Author Comment

by:Shark Attack
ID: 40616786
It finally worked. I think the issues seems to be with their subnets. I got it to work thanks!
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 40616816
@Zack Gil  - Thank you for the update and I was happy to help.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 3

Author Comment

by:Shark Attack
ID: 40616848
let me ask you a questions since we're at the topic.

How come when I create a crypto map on the asa 5520 v 8.2  I only get an option to create a dynamic map?

When I do crypto map MAP 50 ipsec-isakmp and hit enter, I get command incomplete, so I hit the ? and I get dynamic. How can I just get ipsec-isa and not dynamic map?








Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(5)206

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

Suzlon-Chicago-IL-Primary-ASA up 49 days 17 hours

Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 40616862
I use Juniper and Cisco RVxx routers so the commands and GUI interfaces are different. The subnet issue affects all VPN setups.

Please look at this Cisco Support Article that says that parameters need to be completed before the command can work.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/81824-common-ipsec-trouble.html#err

Look down the page for "WARNING: crypto map entry will be incomplete "

See if this sheds any light.
0
 
LVL 3

Author Comment

by:Shark Attack
ID: 40616874
thanks !
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question