Hi,
An IPSec tunnel is established between ASA5505 and ASA5520. Phase 1 and 2 are both completed.
I am able to ping the 'Internal' interface IP of the ASA5520 from the laptop connected to E0/1 of ASA 5505, but I get "Destination Host Unreachable" when I ping a Server connected on an unmanaged switch which is, in turn, connected to E0/1 of the ASA5520. I am also able to telnet into the ASA 5520 from the laptop connected to ASA 5505.
I am able to ping ASA 5505 'Inside' interface and the laptop from the 'Internal' interface of ASA 5520 using the 'Ping Internal <ASA 5505 IP>' command.
I am getting the following error at the ASA5520 side when I try to ping 172.17.0.2:
3 Aug 18 2009 00:39:50 713042 IKE Initiator unable to find policy: Intf external, Src: 172.17.0.1, Dst: 63.237.x.x
The following is my crypto map so far:
================================================
crypto map gigabitether1_map 40 match address internal_1_cryptomap
crypto map gigabitether1_map 40 set pfs
crypto map gigabitether1_map 40 set peer 172.17.0.40
crypto map gigabitether1_map 40 set transform-set ESP-3DES-SHA
crypto map gigabitether1_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map gigabitether1_map interface internal
crypto map external_map 50 match address external_1_cryptomap
crypto map external_map 50 set pfs
crypto map external_map 50 set peer 63.237.x.x
crypto map external_map 50 set transform-set ESP-3DES-SHA
crypto map management_map 1 match address external_cryptomap
crypto map management_map 1 set peer 38.104.x.x 62.73.x.x
crypto map management_map 1 set transform-set ESP-3DES-SHA
crypto map management_map 2 match address external_2_cryptomap
crypto map management_map 2 set pfs
crypto map management_map 2 set peer 67.148.x.x
crypto map management_map 2 set transform-set ESP-3DES-SHA
crypto map management_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map management_map interface external
crypto map management_map interface management
crypto ca trustpoint ASDM_TrustPoint0
=======================================================
Could the error be due to issues with my crypto map? I noticed management_map has 2 different tunnels.
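An added example, not part of the original post and not Cisco tooling: a small Python check that cross-references the `set peer` and `interface` lines shown above with the 713042 log line, listing maps that define peers but are attached to no interface in the lines shown. Looking up the logged `Dst` value among the `set peer` entries is an assumption of this example, and the function names are hypothetical.

```python
import re

# Crypto map lines copied from the post above (addresses masked as on the page).
CONFIG = """\
crypto map gigabitether1_map 40 set peer 172.17.0.40
crypto map gigabitether1_map interface internal
crypto map external_map 50 set peer 63.237.x.x
crypto map management_map 1 set peer 38.104.x.x 62.73.x.x
crypto map management_map 2 set peer 67.148.x.x
crypto map management_map interface external
crypto map management_map interface management
"""
# The 713042 syslog line from the post.
LOG = ("3 Aug 18 2009 00:39:50 713042 IKE Initiator unable to find policy: "
       "Intf external, Src: 172.17.0.1, Dst: 63.237.x.x")

PEER_RE = re.compile(r"^crypto map (\S+) (\d+) set peer (.+)$")
IFACE_RE = re.compile(r"^crypto map (\S+) interface (\S+)$")
LOG_RE = re.compile(r"713042 .*Intf (\S+), Src: (\S+), Dst: (\S+)")

def parse(config):
    """Return ({map: {seq: [peers]}}, {interface: [maps]})."""
    peers, bound = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := PEER_RE.match(line):
            peers.setdefault(m[1], {})[int(m[2])] = m[3].split()
        elif m := IFACE_RE.match(line):
            bound.setdefault(m[2], []).append(m[1])
    return peers, bound

def unbound_maps(peers, bound):
    """Maps that define peers but are attached to no interface."""
    attached = {name for maps in bound.values() for name in maps}
    return sorted(set(peers) - attached)

def explain_713042(log, peers, bound):
    """Cross-reference the logged interface and Dst with the parsed maps."""
    m = LOG_RE.search(log)
    if m is None:
        return None
    intf, dst = m[1], m[3]
    # Assumption: the logged Dst is looked up among the 'set peer' entries.
    holders = sorted(n for n, e in peers.items() if any(dst in p for p in e.values()))
    on_intf = bound.get(intf, [])
    return {"interface": intf, "dst": dst, "maps_on_interface": on_intf,
            "maps_with_dst_as_peer": holders,
            "dst_attached_to_interface": any(n in on_intf for n in holders)}

if __name__ == "__main__":
    p, b = parse(CONFIG)
    print(unbound_maps(p, b), explain_713042(LOG, p, b))
```
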