How do I tell when the site to site VPN is established?

I'm trying to establish a site to site, or LAN to LAN VPN, which should allow full access between LAN "A" and LAN "B". Once I have the config set up the way it should be, does the VPN tunnel just "automagically" appear? Do I have to do "something" to make it happen? Do I have to reboot the ASA? How do I tell if it is working?

I'm doing all of the config using remote access (via ASDM) to the two ASA

5505's in question, so I can't see the "VPN" light on the front of the unit, nor do I have access to try a ping from a machine on one LAN to a machine on the other LAN. The only pinging I can try is from the ping function in ASDM.

Should the VPN "counter" on the main screen of ASDM change from 0 to 1 as soon as I get the config correct, or does data matching the ACLs have to flow before it establishes the tunnel?

I know these are stupid questions, but I really appreciate any help.

Reply to
Kevin Tubbs
Loading thread data ...

Do you have access to SSH or telnet into the ASA's? If so you can probably do something like:

sh crypto isakmp sa

sh crypto ipsec sa

I can't say I have much experience with the graphical ASDM so I am not sure. From command line the show crypto area is where you will want to be to find most of your relevant info assuming the ASAs even have those commands.

Reply to
DarkFiber Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.