Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Site to Site VPN Tunnel

Reply
Thread Tools

Site to Site VPN Tunnel

 
 
Cisco563
Guest
Posts: n/a
 
      06-23-2007
I have a site to site VPN tunnel setup. The network diagram can be
found at www.virgoletta.com. There are some issues with the VPN
tunnel. One is why can't I ping devices through the tunnel? Also, if I
try to telnet into a device from the ASA side to the PIX I am not abel
to? I looked on the loggs for the ASA and below is the output.
However, if I try to telnet from the PIX side to the ASA side I can
telnet but cannot ping. If you need me to post the config for both the
ASA and PIX let me know.

Thank You

single_vf %ASA-7-609001: Built local-host inside:10.1.1.4
single_vf %ASA-3-305006: portmap translation creation failed for tcp
src inside:10.178.183.68/1025 dst inside:10.1.1.4/23
single_vf %ASA-7-609002: Teardown local-host inside:10.178.183.68
duration 0:00:00
single_vf %ASA-7-609002: Teardown local-host inside:10.1.1.4 duration
0:00:00

 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      06-23-2007
In article <(E-Mail Removed) .com>,
Cisco563 <(E-Mail Removed)> wrote:
>I have a site to site VPN tunnel setup. The network diagram can be
>found at www.virgoletta.com. There are some issues with the VPN
>tunnel. One is why can't I ping devices through the tunnel? Also, if I
>try to telnet into a device from the ASA side to the PIX I am not abel
>to? I looked on the loggs for the ASA and below is the output.
>However, if I try to telnet from the PIX side to the ASA side I can
>telnet but cannot ping. If you need me to post the config for both the
>ASA and PIX let me know.



>single_vf %ASA-7-609001: Built local-host inside:10.1.1.4
>single_vf %ASA-3-305006: portmap translation creation failed for tcp
>src inside:10.178.183.68/1025 dst inside:10.1.1.4/23
>single_vf %ASA-7-609002: Teardown local-host inside:10.178.183.68
>duration 0:00:00
>single_vf %ASA-7-609002: Teardown local-host inside:10.1.1.4 duration
>0:00:00


Not much to go on there. My speculation at this point would be that
you have a 'route' statement that should not be there. Do not 'route'
the remote network to the inside interface.
 
Reply With Quote
 
 
 
 
Chad Mahoney
Guest
Posts: n/a
 
      06-25-2007
Cisco563 wrote:
> I have a site to site VPN tunnel setup. The network diagram can be
> found at www.virgoletta.com. There are some issues with the VPN
> tunnel. One is why can't I ping devices through the tunnel? Also, if I
> try to telnet into a device from the ASA side to the PIX I am not abel
> to? I looked on the loggs for the ASA and below is the output.
> However, if I try to telnet from the PIX side to the ASA side I can
> telnet but cannot ping. If you need me to post the config for both the
> ASA and PIX let me know.
>
> Thank You
>
> single_vf %ASA-7-609001: Built local-host inside:10.1.1.4
> single_vf %ASA-3-305006: portmap translation creation failed for tcp
> src inside:10.178.183.68/1025 dst inside:10.1.1.4/23
> single_vf %ASA-7-609002: Teardown local-host inside:10.178.183.68
> duration 0:00:00
> single_vf %ASA-7-609002: Teardown local-host inside:10.1.1.4 duration
> 0:00:00
>


The above error messages indicate you are not excluding from NAT the
local address from the remote side, if you could post you NAT
configuration as well any ACL's that are applied to the VPN tunnel.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Site to site VPn tunnel and VPN tunnel Trouble Cisco 1 08-04-2006 08:09 AM
Site to site VPn tunnel and VPN tunnel Trouble Cisco 0 08-04-2006 04:23 AM
site-to-site VPN tunnel with remote VPN clients David Mitchell Cisco 0 06-21-2006 03:07 PM
Split Tunnel Blocks http through tunnel but passes http around tunnel a.nonny mouse Cisco 2 09-19-2004 12:10 AM
Termination of an IPSec VPN tunnel and a GRE Tunnel on one physical interface. John Ireland Cisco 1 11-11-2003 04:47 PM



Advertisments