![]() Any ideas on what changes need to be made? The remote network is behind another firewall (ASA5505)- doing NAT- but has all ports open on a static translate to the EasyVPN firewall. Once again- I can ping devices from the main network to the remote network- but not the other way around. Sa timing: remaining key lifetime (sec): 26287 Slot: 0, conn_id: 1, crypto-map: _vpnc_cm Path mtu 1500, ipsec overhead 66, media mtu 1500 Local crypto endpt.: XX.XX.XX.XX/4500, remote crypto endpt.: XX.XX.XX.XX/4500 #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0 #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0 #pkts not compressed: 110, #pkts comp failed: 0, #pkts decomp failed: 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts encaps: 110, #pkts encrypt: 110, #pkts digest: 110 I have a second ASA 5505 that is configured as an EasyVPN device with network extension that connects to a Cisco 3030 VPN Concentrator at work. If I ping from the network with the hub (5510)- I can ping a node on the remote network (5505) side. Find answers to Cisco, ASA, 5505, Two units, one functioning as an EasyVPN/Network Extension and the other as a firewall from the expert community at Experts Exchange. The tunnel comes up (both ISAKMP and IPSEC create a security association)- traffic is not flowing both ways. Local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) I have an ASA 5505 connecting in via EasyVPN to an ASA 5510. Username fort worth password XXXXXX encryptedĬrypto map tag: dynmap, seq num: 10, local addr: XX.XX.XX.XX Vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn Here is the relevant configs:Ĭrypto dynamic-map dynmap 10 set transform-set 3des-md5 3des-sha des-md5 des-sha aes-256-md5Ĭrypto dynamic-map dynmap 10 set reverse-routeĬrypto map VPN 20 ipsec-isakmp dynamic dynmapĭns-server value 192.168.36.2 192.168.253.3 If I ping the other way around- I cannot ping devices on the hub network. ![]() If I ping from the network with the hub (5510)- I can ping a node on the remote network (5505) side. ![]() I have an ASA 5505 connecting in via EasyVPN to an ASA 5510. ![]()
0 Comments
Leave a Reply. |