[c-nsp] traffic not coming on ipsec tunnel for NAT IP

Daljit Singh daljit.singh at digivive.com
Thu Apr 24 02:09:54 EDT 2014


HI,

Actually I am trying to configure ipsec tunnel between two asa 5520 ver 8.0(3) and advertising static nat IP towards tunnel. But whenever my remote trying to initiate traffic then  tunnel established but nothing is happening, I cant even see the logs on asdm if I filter remote ip.

Is there any other configuration needs to be done.


FW1# sh ip
System IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
GigabitEthernet0/0       Internet-Link          192.168.215.6   255.255.255.240 CONFIG
GigabitEthernet0/1       Inside-Seachange 192.168.216.129 255.255.255.240 CONFIG

crypto map outside_map 5 match address Internet-Link_2_cryptomap
crypto map outside_map 5 set peer 192.168.41.68
crypto map outside_map 5 set transform-set ESP-3DES-SHA
crypto map outside_map 5 set security-association lifetime seconds 28800
crypto map outside_map 5 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface Internet-Link


access-list Internet-Link_2_cryptomap extended permit ip host 192.168.215.142 host 192.168.42.170

static (Inside-Seachange,Internet-Link) 192.168.215.142 172.31.25.12 netmask 255.255.255.255


I DON'T have a config of remote firewall.


Regards
Daljit Singh

Disclaimer: This e-mail & attachment(s) within it are for sole use of intended recipient(s) & may contain confidential & privileged information. If you are not the intended recipient, please intimate the sender by replying to this email & destroy all copies & the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email or any action taken in reliance on this e-mail is strictly prohibited & unlawful. The recipient acknowledges that COMPANY , its subsidiaries, associated companies or persons authorized by it (collectively "THE Group"), are unable to exercise control, ensure, guarantee the integrity of/over the contents of the information contained in e-mail transmissions & further acknowledges that any views expressed in this message are those of the individual sender & no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of THE Group.

Disclaimer:

This e-mail & attachment(s) within it are for sole use of intended recipient(s) & may contain confidential & privileged information. If you are not the intended recipient, please intimate the sender by replying to this email & destroy all copies & the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email or any action taken in reliance on this e-mail is strictly prohibited & unlawful. The recipient acknowledges that COMPANY , its subsidiaries, associated companies or persons authorized by it (collectively "THE Group"), are unable to exercise control, ensure, guarantee the integrity of/over the contents of the information contained in e-mail transmissions & further acknowledges that any views expressed in this message are those of the individual sender & no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of THE Group.



More information about the cisco-nsp mailing list