Site to site VPN - impossible to reach the other side ASA

Hello

Recently, I replaced a Juniper with a Cisco ASA 5505 firewall in a branch. This branch has a site-to-site VPN to another site. The firewall at headquarters is a Juniper and is managed by third parties. I have configured the ASA and replaced the Juniper. Everything at the branch works, and it can reach all subnets and servers. As far as the users are concerned, there is no problem.

But from corporate headquarters, I am unable to reach this ASA on the data or management interface. See the image: I am unable to ping or join network 192.168.10.0 and 192.168.200.0 or any other subnet 10.15.8.0 to Headquarters. However, I can ping the computers at the branch office that are in the same subnet as the data interface.

Could you guys help me, as I need to reach the branch ASA from headquarters? I have allowed all networks on both sides on the inside and the external interface. I also created a NAT as below. Have I configured NAT wrongly?

nat (inside,outside) source static DM_INLINE_NETWORK_4 DM_INLINE_NETWORK_4 destination static HO_Subnets HO_Subnets no-proxy-arp route-lookup
!
nat (inside,outside) after-auto source dynamic obj_any interface

DIWA

This information is useful. Are you trying to SSH to the inside address or to the management address? May I suggest that we focus for now on access to inside? After we get this working, we can look at access via the management interface.

It does not appear in what you posted, but I'm not sure if it might be something that you removed before posting. Do you have management-access configured? If this is not the case, may I suggest that you add management-access inside to the config.

HTH

Rick

Tags: Cisco Network

Similar Questions

  • Tunnel from site to site VPN that overlap within the network

    Hi all

    I need to connect 2 networks via a tunnel VPN site to site. On the one hand, there is a 506th PIX by the termination of the VPN. The other side, I'm not too sure yet.

    However, what I know, is that both sides of the tunnel using the exact same IP subnet 192.168.1.0/24.

    This creates a problem when I need to define the Routing and the others when it comes to VPN and what traffic should be secure etc.

    However, read a lot for the review of CERT. Adv. Cisco PIX and noticed that outside NAT can solve my 'small' problem.

    That's all it is said, but I'd really like to see an example of configuration of this or hear from someone who has implemented it.

    Anyone?

    Steffen

    How is it then?

    http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a00800949f1.shtml

  • My desktop app says impossible to reach the Adobe server.

    My desktop app says impossible to reach the Adobe server. Someone else has had this problem. I can't access apps to download?

    Hi Bunglefoot,

    We just got an update on the Adobe website have a server problem. We hope to get it fixed as soon as POSSIBLE.

    You should still be able to launch your applications from the shortcuts

    Kind regards

    Chirag

  • Cannot use Adobe CC, guests 'impossible to reach the Adobe server.

    Cannot use Adobe CC, guests 'impossible to reach the Adobe server. Help, please.

    Please see can't use Adobe CC

    (Double Post)

  • My doubt is if I press a button, it will redirect you to the other side...

    For a single application I need if I press a button, it will redirect you to the other side, how it is possible in LABVIEW

    Thank you.

    Place your Subvi inside your main diagram of vi.  Use a Structure of the event to capture the key event.

    more information here:

    http://forums.NI.com/T5/LabVIEW/how-to-open-a-subVI-on-a-click-of-a-button/TD-p/1082660

  • Does my computer have a microphone? my friends on the other side cannot hear me on Skype.

    Friends on the other side are unable to hear what I say about Skype. Image is pulled over the two screens and I can hear them clearly, but they can not hear a word of what I am saying. This computer has a built-in microphone? Help, please.

    Hello

    Unfortunately, we do not know what kind of computer you have.

    Except that your best resource on it would be the company that built.

    Best regards

    Matthew_Ha

  • Unable to speak using the 'phone dialer', hear the ringing tone. can hear the person on the other side... but he can't hear me... and when I press talk the line disconnects... I have an internal modem Agere on laptop HP Pavilion DV6-TX1152... pls help

    I'm developing apps using the SAPI, TAPI, however, I'm stuck with a fundamental question... when I dial a number, I can hear the ringtone on the speakers of the laptop... and I can hear the person on the other side as well... but he can't hear me... and as soon as the other side picks up, the 'Phone dialer' pops up a window with two buttons... 'Talk' and 'Hang up', when I press the talk button, the line is automatically disconnected. Please help to solve this problem...

    Hi abhi.jeet,

    Thank you for visiting the website of Microsoft Windows Vista Community.

    The question you have posted is related to application development and would be better suited to the MSDN Community. Please visit the link below to find a community that will provide the support you want.

    http://msdn.Microsoft.com/en-us/default.aspx

    Hope this information is useful.

    Jeremy K

    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • call very low voice on the other side (Z5 MM Compact)

    Hello guys,

    I have a problem which appeared suddenly and won't go away.

    My voice is very low on the other side; people say it's like I am talking away from the microphone.

    There is no problem with voice recording or when using headphones. I already rebooted the phone but the problem keeps being there.

    It's as if the Z5 lowers my voice through the microphone during a call; maybe it's a malfunction of the noise cancellation?

    So I had no time for the repair of software, but after upgrading to the new fw X.224 each mentioned last issue is resolved

  • How do the windows 8 slabs remain standing on one single screen while im doing stuff on the other side?

    Original title: need help with tiles of windows 8

    I have 2 screens and I was wondering how to make the windows 8 tiles stay on one single screen while I'm doing stuff on the other side. It worked like that when I installed it, then all of a sudden it changed: whenever I click on something on the other screen, the tiles go to the desktop automatically.

    Hi Sean,

    Thanks for posting in the Microsoft Community.

    If I understand you must do the windows 8 slabs remain standing on one screen while making changes, you can check if the settings changed to duplicate.

    If so, try to change the same scope and check if it helps.

    a. open screen resolution by dragging from the edge right of the screen, quilting Search (or if you use a mouse, pointing to the top right of the screen, move the mouse down and then clicking Search), entering display in the search box, type, or by clicking settings, and then type or by clicking display.

    b. press or click on multiple monitors and have her take Extended Display.

    Check if this can help

    For more information, see the articles:

    Use multiple monitors

    Get the best display on your monitor

    If you need further assistance, please answer and we will be happy to help you.

  • How would duplicate these anchors - or, how would do everything that I reflect on one side the other side?

    So I'm new to Illustrator and have begun to make a logo; one of the first things that I really need to know is how I can duplicate anchors - I know that I can mirror the forms but I don't want to continue to do that every time I change an anchor on one side... I leave you a screenshot to show you more clearly!

    Draw half of the shape, and then go to Effects-> deformation and transformation-> Transform...

    Check Reflect X and set the anchor point to the left and type 1 in the "copies".

    now, when you move any anchor point on the right, that happen on the other side

  • I have a picture (written text) but there is a writing on the other side - is there a way to reverse the image to see the other side

    Hi, the technology is a bit beyond me so I need help please.

    I have a picture of a written text, but I see that there is also something written on the other side.  Is there a way to somehow reverse the picture so I can see what he says on the other side?  Someone says something on a reverse and I don't quite know what they are on everything.  Thanks in advance, Vince

    Can you give more details? How can you see the side 'inverse' of this image? I don't think that you are talking about 3D in Photoshop? If you mean that you see the text "mirrored", you can use, modify, transform and back horizontally.

  • 887VDSL2 IPSec site to site vpn does NOT use the easy vpn

    Much of community support.

    As I'm looking through the config guide for the 870 router series, I only find information about configuration with Easy VPN.

    Is there a classic way to do a site-to-site IPSec configuration on the 870 Series without Easy VPN?

    Have a classic way if a tunnel? Have the 870 is not as a vpn client?

    Thank you

    Of course, here's example of Site to Site VPN configuration for your reference:

    http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a0080194650.shtml

    http://www.Cisco.com/en/us/products/HW/routers/ps221/products_configuration_example09186a008073e078.shtml

    Hope that helps.

  • site to site vpn - internal network even on both sides of the tunnel

    Hi all

    I have the following questions about the Site Site VPN using ASA 5510 and 5505

    Scenario is

    1. we have five branches & headquarters

    2. we want to establish a vpn between branches & Head Office (VPN from Site to Site)

    3. all branches & head office using the same internal network (192.168.150.0 255.255.255.0)

    My question is

    How can I configure VPN site-to-site between branches & head office with the same internal network (192.168.150.0/24)

    Please help me with the configuration steps & explanation

    I have experience setting up site-to-site VPN between branches with different internal networks (for example: 192.168.1.0/24 and 192.168.2.0/24)

    Waiting for your valuable response

    Hello

    Here are a few links on policy nat

    http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a008046f31a.shtml#T10

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00807d2874.shtml

    Concerning

  • VPN Site to Site Ping from one to the other network failed

    Hello

    I just get what I can do a VPN IPSec Site to Site. But if I try to send a ping to a PC (network 1)

    There not for the other PC (network 2).

    PC (network 1) switch PC (network 2)

    between the two ASA I have a functional IPSec VPN tunnel, but I can't access from one to the

    another network. So I hope I will get help here.

    Here are the access lists on the ASA5505:

    ASA5505#
    access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
                alert-interval 300
    access-list Inside_ICMP; 4 elements
    access-list Inside_ICMP line 1 extended permit icmp any any echo-reply
    access-list Inside_ICMP line 2 extended permit icmp any any source-quench
    access-list Inside_ICMP line 3 extended permit icmp any any unreachable
    access-list Inside_ICMP line 4 extended permit icmp any any time-exceeded
    access-list outside_cryptomap_2; 2 elements
    access-list outside_cryptomap_2 line 1 remark ACL traffic von ASA5505 zur ASA5510
    access-list outside_cryptomap_2 line 2 extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
    access-list outside_cryptomap_2 line 3 extended permit icmp 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
    access-list no_NAT; 1 elements
    access-list no_NAT line 1 extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0

    ASA5505#
    access-group Inside_ICMP in interface outside
    nat (inside) 0 access-list no_NAT
    crypto map outside_map 2 match address outside_cryptomap_2

    The inside interface has IP 192.168.1.1

    The access list I also on the other ASA network are changed.

    Could someone help me it will work.

    Best regards

    Hans-Jürgen Guenter

    Please mark this thread as a response but at the moment it is now "not answered", so that it will receive another someone solve similar problems.

    Thank you

  • Site to site VPN tunnel - cannot ping the second interface of the firewall peer inside2

    I have two ASA 5505 firewall each with a basic license: FWa and FWb. currently there is a VPN tunnel between them work. I added a second (inside2) interface to the firewall, FWb, but I can't ping firewall FWa, so that I can ping the inside interface of FWa.

    I can ping the FWb inside interface 192.168.20.1 from the FWa inside 172.16.1.1 interface, but I can not ping to the 10.52.100.10 of the FWa FWb inside2 interface. I can not ping the gateway host FWa 10.52.100.1.

    I show the essential configuration of two firewalls as well as the debug icmp output on the two firewalls that I ping the internal interfaces and of FWa FWb inside2.
    =========================================================

    Here is a skeleton of the FWa configuration:

    name 172.16.1.0 network-inside
    name 192.168.20.0 HprCnc Thesys
    name 10.52.100.0 ring52-network
    name 10.53.100.0 ring53-network
    name S.S.S.S outside-interface

    interface Vlan1
    nameif inside
    security-level 100
    ip address 172.16.1.1 255.255.255.0
    !
    interface Vlan2
    description Connection to 777 VLAN to work around static Comast external Modem and IP address.
    nameif outside
    security-level 0
    ip address outside-interface 255.255.255.240

    object-group network DM_INLINE_NETWORK_5
    network-object HprCnc Thesys 255.255.255.0
    network-object ring52-network 255.255.255.0
    network-object ring53-network 255.255.255.0

    object-group network DM_INLINE_NETWORK_3
    network-object ring52-network 255.255.255.0
    network-object HprCnc Thesys 255.255.255.0
    network-object ring53-network 255.255.255.0

    access-list Outside_5_cryptomap extended permit ip host outside-interface object-group DM_INLINE_NETWORK_3
    access-list inside_nat_outbound extended permit ip inside-network 255.255.255.0 object-group DM_INLINE_NETWORK_5
    access-list Outside_nat0_outbound extended permit ip host 173.162.149.72 aus_asx_uat 255.255.255.0

    nat (inside) 0 access-list sheep
    nat (inside) 101 access-list inside_nat_outbound
    nat (inside) 101 0.0.0.0 0.0.0.0
    nat (outside) 0 access-list Outside_nat0_outbound

    crypto map VPN 5 match address Outside_5_cryptomap
    crypto map VPN 5 set pfs group1
    crypto map VPN 5 set peer D.D.D.D
    crypto map VPN 5 set transform-set VPN
    tunnel-group D.D.D.D type ipsec-l2l
    tunnel-group D.D.D.D ipsec-attributes
    pre-shared-key *

    =========================================================

    FWb:

    name 10.52.100.0 ring52-network
    name 10.53.100.0 ring53-network
    name 10.51.100.0 ring51-network
    name 10.54.100.0 ring54-network

    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.20.1 255.255.255.0
    !
    interface Vlan2
    nameif outside
    security-level 0
    ip address D.D.D.D 255.255.255.240
    !
    interface Vlan52
    prior to interface Vlan1
    nameif inside2
    security-level 100
    ip address 10.52.100.10 255.255.255.0

    object-group network DM_INLINE_NETWORK_3
    network-object ring52-network 255.255.255.0
    network-object ring53-network 255.255.255.0

    object-group network DM_INLINE_NETWORK_2
    network-object ring52-network 255.255.255.0
    network-object 192.168.20.0 255.255.255.0
    network-object ring53-network 255.255.255.0

    access-list inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 host S.S.S.S
    access-list inside2_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_3 host S.S.S.S

    access-list outside_1_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 host S.S.S.S

    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    nat (inside2) 0 access-list inside2_nat0_outbound
    nat (inside2) 1 0.0.0.0 0.0.0.0

    route inside2 ring51-network 255.255.255.0 10.52.100.1 1
    route inside2 ring53-network 255.255.255.0 10.52.100.1 1
    route inside2 ring54-network 255.255.255.0 10.52.100.1 1

    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set pfs group1
    crypto map outside_map 1 set peer S.S.S.S
    crypto map outside_map 1 set transform-set ESP-3DES-SHA
    crypto map outside_map interface outside

    tunnel-group S.S.S.S type ipsec-l2l
    tunnel-group S.S.S.S ipsec-attributes
    pre-shared-key *

    =========================================================================
    I turned on icmp trace debugging on both firewalls and could see the traffic arriving at the inside2 interface, but never returning to FWa.

    Successful ping from FWa to the inside interface on FWb

    FWa # ping 192.168.20.1
    Type to abort escape sequence.
    Send 5, echoes ICMP 100 bytes to 192.168.20.1, time-out is 2 seconds:
    Echo request ICMP from outside-interface to 192.168.20.1 ID = 32068 seq = 23510 len = 72
    ! ICMP echo reply to 192.168.20.1 in outside-interface ID = 32068 seq = 23510 len = 72
    ....

    FWb #.
    Echo ICMP of S.S.S.S to 192.168.20.1 ID request = 32068 seq = 23510 len = 72
    ICMP echo reply 192.168.20.1 S.S.S.S ID = 32068 seq = 23510 len = 72
    ==============================================================================
    Successful ping of Fwa on a host connected to the inside interface on FWb

    FWa # ping 192.168.20.15
    Type to abort escape sequence.
    Send 5, echoes ICMP 100 bytes to 192.168.20.15, wait time is 2 seconds:
    Echo request ICMP from outside-interface to 192.168.20.15 ID = seq 50862 = 18608 len = 72
    ! ICMP echo reply to 192.168.20.15 in outside-interface ID = seq 50862 = 18608 len = 72
    ...

    FWb #.
    Inside outside:S.S.S.S ICMP echo request: 192.168.20.15 ID = seq 50862 = 18608 len = 72
    ICMP echo reply to Interior: 192.168.20.15 outside:S.S.S.S ID = seq 50862 = 18608 len = 72

    ===========================
    Unsuccessful ping of FWa to inside2 on FWb interface

    FWa # ping 10.52.100.10
    Send 5, echoes ICMP 100 bytes to 10.52.100.10, wait time is 2 seconds:
    Echo request ICMP from outside-interface to 10.52.100.10 ID = 19752 seq = 63173 len = 72
    ? Echo request ICMP from outside-interface to 10.52.100.10 ID = 19752 seq = 63173 len = 72
    ...

    FWb #.
    10.52.100.10 ID of S.S.S.S ICMP echo request = 19752 seq = 63173 len = 72
    10.52.100.10 ID of S.S.S.S ICMP echo request = 19752 seq = 63173 len = 72
    ....

    ==================================================================================

    Unsuccessful ping of Fwa to a host of related UI inside2 on FWb

    FWa # ping 10.52.100.1
    Type to abort escape sequence.
    Send 5, echoes ICMP 100 bytes to 10.52.100.1, wait time is 2 seconds:
    Echo request ICMP from outside-interface to 10.52.100.1 ID = 11842 seq = 15799 len = 72

    FWb #.
    Echo request ICMP outside:S.S.S.S to inside2:10.52.100.1 ID = 11842 seq = 15799 len = 72
    Echo request ICMP outside:S.S.S.S to inside2:10.52.100.1 ID = 11842 seq = 15799 len = 72

    =======================

    Thank you

    Hi odelaporte2,

    Most probably the "management-access" command is not applied to the second inside interface, only to the primary inside (show run management-access will confirm this).

    This command can be applied to only one interface at a time; for example, if it is currently applied to inside, it cannot be applied to inside2 at the same time.

    It may be useful

    -Randy-
