We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 549 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


299 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , ,

Notable Replies

  1. Rene,

    Hello, that was very good! Is there any issue if there are two different versions of the ASA, one before 8.4 and one after with the keyword “ikev1” and “isakmp”, or is that just a local setting?



  2. Hi Chris,

    That shouldn't be an issue, these are just local commands.


  3. Hi Rene,

    Thank you for the explanation.

    I've a question

    As the traffic is coming from the OUTSIDE to INSIDE zones, do we need an inbound ACL in the Outside interface ( applicable for both ASAs) ?

    Thank you



  4. Hi Taslim,

    There's no need to do this, the ASA will permit the site-to-site traffic by default. One thing to remember when configuring site-to-site VPNs is to configure NAT excemption. By default the ASA will translate all packets from the INSIDE, even when the destination is on the other side of the tunnel.


  5. Hi Rene,

    I modified the network in your example with a few more nodes on each site. The network diagram is attached.

    The IPSec tunnel is up. Ping from end node 1 to end node 2 is working.
    Ping and wget from End Node 1 to Web Server 1 is working and from End Node 2 to Web Server 2 is also working.

    However, the ping/wget from End node in one site to the web server on the other site is not working in either direction. When checked with ASA logs, the tunnel is set up and the ping is getting delivered to the web server, but the web server is not responding to the ping request.

    Can you please help me find out the issue?

Continue the discussion forum.networklessons.com

56 more replies