?
Solved

Tunnel phase 2 question

Posted on 2015-02-18
6
Medium Priority
?
158 Views
Last Modified: 2015-02-18
2015-02-18-9-06-46.jpg

What might be the issue when phase 1 and 2 is up but I cannot ping the subnet of the peer but the pkts encaps are growing when I ping the subnet and pkts decaps are staying the same. decapsulation seems like it's not happening?
0
Comment
Question by:Shark Attack
  • 3
  • 3
6 Comments
 
LVL 99

Accepted Solution

by:
John Hurst earned 2000 total points
ID: 40616768
What might be the issue when phase 1 and 2 is up but I cannot ping the subnet of the peer

Are the two ends of the tunnel on the same subnet?  That will cause what you see.

What answer do you get when you run PING?
0
 
LVL 3

Author Comment

by:Shark Attack
ID: 40616786
It finally worked. I think the issues seems to be with their subnets. I got it to work thanks!
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 40616816
@Zack Gil  - Thank you for the update and I was happy to help.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
LVL 3

Author Comment

by:Shark Attack
ID: 40616848
let me ask you a questions since we're at the topic.

How come when I create a crypto map on the asa 5520 v 8.2  I only get an option to create a dynamic map?

When I do crypto map MAP 50 ipsec-isakmp and hit enter, I get command incomplete, so I hit the ? and I get dynamic. How can I just get ipsec-isa and not dynamic map?








Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(5)206

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

Suzlon-Chicago-IL-Primary-ASA up 49 days 17 hours

Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 40616862
I use Juniper and Cisco RVxx routers so the commands and GUI interfaces are different. The subnet issue affects all VPN setups.

Please look at this Cisco Support Article that says that parameters need to be completed before the command can work.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/81824-common-ipsec-trouble.html#err

Look down the page for "WARNING: crypto map entry will be incomplete "

See if this sheds any light.
0
 
LVL 3

Author Comment

by:Shark Attack
ID: 40616874
thanks !
0

Featured Post

Rewarding opportunities for women in IT

Across the nation, technology jobs are vacant because there aren’t enough qualified professionals to fill them. With a degree from WGU, you can get the credentials it takes to become an in-demand IT professional. Plus, WGU’s IT programs include industry certifications.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question