Site-to-site VPN between two ASAs. From the ASA, I can't ping hosts on the remote network, other side of the site-to-site. I would like to be able to upload the config (write net) to a tftp server there.
Thanks, Paul
management-access inside on both ASA's. That will allow you to connect/ping/tftp to the inside interfaces from the opposite LAN's
Must create ACL. You have chosen to check ACL for VPN traffic
access-list OUTSIDE_access_in extended permit ip 172.16.1.0
255.255.255.0 192.168.0.0 255.255.255.0general allow IP rule, source is remote network to local network customize for icmp
I was unsuccessful... Partial configs below, public IPs changed to protect the innocent...
FIREWALL 1: ! interface Ethernet0/0 nameif outside security-level 0 ip address 68.40.247.2 255.255.255.0 no igmp ! interface Ethernet0/1 nameif inside security-level 100 ip address 192.168.30.1 255.255.255.0 ! access-list outside extended permit ip 172.16.1.0 255.255.255.0
192.168.30.0 255.255.255.0 !FIREWALL 2: ! interface Ethernet0/0 speed 100 duplex full nameif outside security-level 0 ip address 208.206.113.196 255.255.255.224 ! interface Ethernet0/1 speed 100 duplex full nameif inside security-level 100 ip address 172.16.1.1 255.255.255.0 ! access-list outside extended permit ip 192.168.30.0 255.255.255.0
172.16.1.0 255.255.255.0 !Thanks again, Paul
Turn up logging on one side and capture the deny packets.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.