Tunnel phase 2 question

2015-02-18-9-06-46.jpg

What might be the issue when phase 1 and 2 is up but I cannot ping the subnet of the peer but the pkts encaps are growing when I ping the subnet and pkts decaps are staying the same. decapsulation seems like it's not happening?
LVL 3
Shark AttackNetwork adminAsked:
Who is Participating?
 
JohnConnect With a Mentor Business Consultant (Owner)Commented:
What might be the issue when phase 1 and 2 is up but I cannot ping the subnet of the peer

Are the two ends of the tunnel on the same subnet?  That will cause what you see.

What answer do you get when you run PING?
0
 
Shark AttackNetwork adminAuthor Commented:
It finally worked. I think the issues seems to be with their subnets. I got it to work thanks!
0
 
JohnBusiness Consultant (Owner)Commented:
@Zack Gil  - Thank you for the update and I was happy to help.
0
Become a Leader in Data Analytics

Gain the power to turn raw data into better business decisions and outcomes in your industry. Transform your career future by earning your MS in Data Analytics. WGU’s MSDA program curriculum features IT certifications from Oracle and SAS.  

 
Shark AttackNetwork adminAuthor Commented:
let me ask you a questions since we're at the topic.

How come when I create a crypto map on the asa 5520 v 8.2  I only get an option to create a dynamic map?

When I do crypto map MAP 50 ipsec-isakmp and hit enter, I get command incomplete, so I hit the ? and I get dynamic. How can I just get ipsec-isa and not dynamic map?








Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(5)206

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

Suzlon-Chicago-IL-Primary-ASA up 49 days 17 hours

Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
0
 
JohnBusiness Consultant (Owner)Commented:
I use Juniper and Cisco RVxx routers so the commands and GUI interfaces are different. The subnet issue affects all VPN setups.

Please look at this Cisco Support Article that says that parameters need to be completed before the command can work.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/81824-common-ipsec-trouble.html#err

Look down the page for "WARNING: crypto map entry will be incomplete "

See if this sheds any light.
0
 
Shark AttackNetwork adminAuthor Commented:
thanks !
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.