Azure site-to-site VPN to Cisco ASA 5512-X issue

LA_Admin
Hello everyone,

I configured site-to-site VPN in Azure to our Cisco ASA 5512-X. The Azure Vnet dashboard says it is connected, and shows Data Out, not in (image attached). When I attempt telnet or ping from the Azure VNet to the onprem network, there is no response. When I run Packet tracer on the ASA, it works (image attached). What might I be doing wrong here?

UPDATE: Added sanitized config
2016-03-01-13_28_06-Networks---Micro.png
2016-03-01-13_27_44-Cisco-ASDM-Packe.png

Commented:
I fixed this. For whoever needs help in the future, the issue was that the VPN script Azure generates is for the 8.3 OS. My OS is 9.1, and the NAT rule generated in the script was:

nat (inside,outside) source static onprem-networks onprem-networks destination static azure-networks azure-networks

What was needed is at the end:

nat (inside,outside) source static onprem-networks onprem-networks destination static azure-networks azure-networks no-proxy-arp route-lookup

Once the correct rule was entered, ping and telnet worked.
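
The check below is an added example, not part of the original post or of the Azure-generated script: it scans an ASA configuration for identity twice-NAT rules of the shape shown in the answer and reports any that lack the no-proxy-arp or route-lookup keywords the answer found were needed. The function name, the sample addresses and the object names mapped-pool and dmz-net are constructed for illustration.

```python
import re

# Twice-NAT line shape used in the post:
# nat (real_if,mapped_if) source static REAL MAPPED destination static MAPPED REAL [options]
NAT_RE = re.compile(
    r"^\s*nat\s+\((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    r"source\s+static\s+(?P<src_real>\S+)\s+(?P<src_mapped>\S+)\s+"
    r"destination\s+static\s+(?P<dst_mapped>\S+)\s+(?P<dst_real>\S+)"
    r"(?P<opts>.*)$"
)
REQUIRED = ("no-proxy-arp", "route-lookup")


def audit_identity_nat(config_text):
    """Return one finding per identity (NAT-exempt) rule missing a required keyword."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = NAT_RE.match(line)
        if not m:
            continue
        # Identity NAT: source and destination objects are each translated to themselves.
        if m["src_real"] != m["src_mapped"] or m["dst_mapped"] != m["dst_real"]:
            continue
        opts = m["opts"].split()
        missing = [kw for kw in REQUIRED if kw not in opts]
        if missing:
            findings.append({"line": lineno, "rule": line.strip(), "missing": missing})
    return findings


# Constructed sample config: the two group names follow the post, everything else is made up.
SAMPLE = """\
object-group network onprem-networks
 network-object 10.10.0.0 255.255.0.0
object-group network azure-networks
 network-object 10.20.0.0 255.255.0.0
nat (inside,outside) source static onprem-networks onprem-networks destination static azure-networks azure-networks
nat (inside,outside) source static onprem-networks onprem-networks destination static azure-networks azure-networks no-proxy-arp route-lookup
nat (inside,outside) source static onprem-networks mapped-pool destination static azure-networks azure-networks
nat (dmz,outside) source static dmz-net dmz-net destination static azure-networks azure-networks no-proxy-arp
"""

if __name__ == "__main__":
    for f in audit_identity_nat(SAMPLE):
        print(f"line {f['line']}: missing {' '.join(f['missing'])}: {f['rule']}")
```

Run against a saved copy of the running configuration, this lists each exemption rule to review before the tunnel is tested end to end.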
