RE: ASA Site to Site IP Sec tunnel problem

On Fri, Sep 30, 2011 at 05:19:40, Timothy Chin wrote:
> Cc: Joseph L. Brunner; ccielab_at_groupstudy.com
> Subject: RE: ASA Site to Site IP Sec tunnel problem
>
> You can originate traffic via the inside interface. Try "ping inside 20.0.0.1"
> from asa2. Also do a "debug crypto isakamp 255".
>
> Timothy Chin
> CCIE #23866
>

If you want some more information, you could run a packet-tracer from the CLI and see if it's hitting your interesting traffic ACL as expected:

packet-tracer input inside icmp 10.0.0.1 8 0 20.0.0.1 detailed

If you run that command twice or use Timothy's example you should see where your issue is.

-ryan

Blogs and organic groups at http://www.ccie.net
Received on Fri Sep 30 2011 - 13:03:06 ART