Ping from ASA to remote network over VPN

Discussion in 'Cisco' started by P1, Jun 1, 2009.

  1. P1

    P1 Guest

    Site-to-site VPN between two ASAs. From the ASA, I can't ping hosts on
    the remote network, other side of the site-to-site. I would like to be
    able to upload the config (write net) to a tftp server there.

    Thanks,
    Paul
     
    P1, Jun 1, 2009
    #1
    1. Advertising

  2. P1

    Brian V Guest

    "P1" <> wrote in message
    news:4a24475e$0$2698$...
    > Site-to-site VPN between two ASAs. From the ASA, I can't ping hosts on
    > the remote network, other side of the site-to-site. I would like to be
    > able to upload the config (write net) to a tftp server there.
    >
    > Thanks,
    > Paul


    management-access inside on both ASA's. That will allow you to
    connect/ping/tftp to the inside interfaces from the opposite LAN's
     
    Brian V, Jun 2, 2009
    #2
    1. Advertising

  3. P1

    P1 Guest

    Artie Lange wrote:
    > P1 wrote:
    >> Site-to-site VPN between two ASAs. From the ASA, I can't ping hosts
    >> on the remote network, other side of the site-to-site. I would like
    >> to be able to upload the config (write net) to a tftp server there.
    >>
    >> Thanks,
    >> Paul

    >
    >
    > Must create ACL. You have chosen to check ACL for VPN traffic
    >
    >
    > access-list OUTSIDE_access_in extended permit ip 172.16.1.0
    > 255.255.255.0 192.168.0.0 255.255.255.0
    >
    > general allow IP rule, source is remote network to local network
    > customize for icmp


    I was unsuccessful... Partial configs below, public IPs changed to
    protect the innocent...

    FIREWALL 1:
    !
    interface Ethernet0/0
    nameif outside
    security-level 0
    ip address 68.40.247.2 255.255.255.0
    no igmp
    !
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 192.168.30.1 255.255.255.0
    !
    access-list outside extended permit ip 172.16.1.0 255.255.255.0
    192.168.30.0 255.255.255.0
    !

    FIREWALL 2:
    !
    interface Ethernet0/0
    speed 100
    duplex full
    nameif outside
    security-level 0
    ip address 208.206.113.196 255.255.255.224
    !
    interface Ethernet0/1
    speed 100
    duplex full
    nameif inside
    security-level 100
    ip address 172.16.1.1 255.255.255.0
    !
    access-list outside extended permit ip 192.168.30.0 255.255.255.0
    172.16.1.0 255.255.255.0
    !

    Thanks again,
    Paul
     
    P1, Jun 3, 2009
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    3,451
  2. pasatealinux
    Replies:
    1
    Views:
    2,119
    pasatealinux
    Dec 17, 2007
  3. Theo Markettos

    VOIP over VPN over TCP over WAP over 3G

    Theo Markettos, Feb 3, 2008, in forum: UK VOIP
    Replies:
    2
    Views:
    1,064
    Theo Markettos
    Feb 14, 2008
  4. Replies:
    2
    Views:
    3,829
  5. mayureshjo

    One remote network - two VPN tunnels on cisco ASA

    mayureshjo, Mar 6, 2009, in forum: Computer Support
    Replies:
    0
    Views:
    545
    mayureshjo
    Mar 6, 2009
Loading...

Share This Page