![]() ![]() I am still unable to ping 8.8.8.8 from 10.0.0.100, here is the packet-tracer output as requested:Ĭiscoasa# packet-tracer input inside icmp 10.0.0.100 8 0 8.8.8.8 Okay, you are right in saying the packets are not dropped when doing a packet tracer to 192.168.8.1. * - candidate default, U - per-user static route, o - ODR I - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area ![]() N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2Į1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP In 192.168.8.250 255.255.255.255 identityĬodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPĭ - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area Ping from ASA-1 inside interface - UnsuccessfulĬiscoasa# packet-tracer input inside icmp 10.1.0.1 8 0 192.168.8.250 Ping from PC1 to ASA inside interface - Successful Quite simply put, the ASA seems to have no route between two directly connected interfaces (inside & outside). It is worth noting that I am able to ping the inside interface of ASA-1 from both PC1 and R1. When pinging from the firewall I am able to ping outside to 8.8.8.8, however, when pinging from the inside interface, PC1 or R1 I am not able to reach 8.8.8.8. The problem I am having is as follows: I am unable to pass traffic through the firewall from inside to outside with the following Drop-reason: (no-route) No route to host I have a directly connected inside network of 10.1.0.0/24 and an outside network of 192.168.8.0/24. It is fairly straightforward in terms of networks. I have created a lab in GNS3 utilizing the GNS3 VM: I know there are similar posts on these types of issues, however none seem to have assisted me in resolving my issue. No threat-detection statistics tcp-interceptĬryptochecksum:a9ad5c46168208f2cbe4d110eea40cf9Ĭrypto isakmp key cisco123 address 1.1.1.2Ĭrypto ipsec transform-set ESP-AES-SHA esp-3des esp-md5-hmacĪccess-list 110 permit icmp any any echo-replyĪccess-list 110 permit ip host 172.16.16.2 host 192.168.0.I am hoping somebody can assist me here. Snmp-server enable traps snmp authentication linkup linkdown coldstart warmstartĬrypto ipsec ikev1 transform-set MYVPN esp-3des esp-md5-hmacĬrypto map abcmap 20 match address BRANCH_MAINĬrypto map abcmap 20 set ikev1 transform-set MYVPNĬrypto map abcmap 20 set security-association lifetime seconds 86400 ![]() Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absoluteĭynamic-access-policy-record DfltAccessPolicy Icmp unreachable rate-limit 1 burst-size 1Īccess-group Outside_in in interface OUTSIDE I dont know how to peer it with external interface of the same ASA.īelow are the config on both the ASA and ROUTER.Įnable password 8Ry2YjIyt7RRXU24 encryptedĪccess-list Outside_in extended permit icmp any interface OUTSIDEĪccess-list BRANCH_MAIN extended permit ip object LOCAL object REMOTE Note: it is not like this on the router as it just keeps increasingģ.I want to add another router to the topology such that i will create another VPN peer with the same ASA, but how do i connect it to the same EXTERNAL interface of the ASA. continuous sh crypto isakmp sa from ASA shows traffic is increasing but after few seconds the tunnel will disappear and the counter for the encrypt/decrypt will start from o again. Always time out, how can i make it replyĢ. ping from either of the host is bringing up the tunnel but it has never replied. VPCS host 1 -> ASA5520 ROUTER<-VPCS host 2īoth phase 1 and 2 are up and the VPN traffic is being encrypted and decrypted. Please i have this few issues with the site to site VPN simulated in GNS3.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |