question regarding creating a site-to-site VPN between an ASA 5505and a VPN 3030

Discussion in 'Cisco' started by Mike Rahl, Nov 28, 2007.

  1. Mike Rahl

    Mike Rahl Guest

    HI, all

    I've been hitting a weird problem when attemping to create a site to
    site VPN connection between an ASA 5505 and a VPN 3030. For some
    reason, the IPSEC tunnel gets created, and I can see packets
    encrypting, but I never get packets back, and thus no packets get

    The firewall config is very basic. There is no split tunnelling, and
    the access-lists are set up so that any traffic going from the local
    subnet (say to the remote subnet (say will
    trigger the tunnel to form. The firewall is connected to an ADSL line,
    and the Internet connection seems to come up no problem

    On the VPN 3030 side, we have a static route to the subnet for the asa
    5505 with the public interface being used as the next hop. The VPN
    3030 listens to RIP routes from the rest of the network, but does not
    send routes. All other routers behind the 3030 have a static route for
    the subnet on the ASA 5505.

    Can anyone tell me what are the major steps required to make a site to
    site connection work in this scenario? I've tried using Cisco's
    manuals, and they should work, but it doesn't.

    Mike Rahl, Nov 28, 2007
    1. Advertisements

  2. Mike Rahl

    CK Guest

    As per the issue..

    I understood below scenerio:

    ASA 5505 <------VPN-TUNNEL------> VPN 3030

    Is ASA NAT the inetrnal ips when it hits VPN 3030?
    R u able to see logs/hits on VPN 3030?
    Can u post the logs if u find any..
    CK, Nov 29, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.