Solved

Tunnel phase 2 question

Posted on 2015-02-18
6
127 Views
Last Modified: 2015-02-18
2015-02-18-9-06-46.jpg

What might be the issue when phase 1 and 2 is up but I cannot ping the subnet of the peer but the pkts encaps are growing when I ping the subnet and pkts decaps are staying the same. decapsulation seems like it's not happening?
0
Comment
Question by:Shark Attack
  • 3
  • 3
6 Comments
 
LVL 93

Accepted Solution

by:
John Hurst earned 500 total points
ID: 40616768
What might be the issue when phase 1 and 2 is up but I cannot ping the subnet of the peer

Are the two ends of the tunnel on the same subnet?  That will cause what you see.

What answer do you get when you run PING?
0
 
LVL 3

Author Comment

by:Shark Attack
ID: 40616786
It finally worked. I think the issues seems to be with their subnets. I got it to work thanks!
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 40616816
@Zack Gil  - Thank you for the update and I was happy to help.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 3

Author Comment

by:Shark Attack
ID: 40616848
let me ask you a questions since we're at the topic.

How come when I create a crypto map on the asa 5520 v 8.2  I only get an option to create a dynamic map?

When I do crypto map MAP 50 ipsec-isakmp and hit enter, I get command incomplete, so I hit the ? and I get dynamic. How can I just get ipsec-isa and not dynamic map?








Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(5)206

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

Suzlon-Chicago-IL-Primary-ASA up 49 days 17 hours

Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 40616862
I use Juniper and Cisco RVxx routers so the commands and GUI interfaces are different. The subnet issue affects all VPN setups.

Please look at this Cisco Support Article that says that parameters need to be completed before the command can work.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/81824-common-ipsec-trouble.html#err

Look down the page for "WARNING: crypto map entry will be incomplete "

See if this sheds any light.
0
 
LVL 3

Author Comment

by:Shark Attack
ID: 40616874
thanks !
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question