Ok lets ignore encryption...
 
- Tested that there is ping connectivity between R1 and ASA2. No routing
issue therefore tunnel should come up.
 
- For R1 and ASA1 communication, I need static translation on PIX for R1
(10.2.2.1 --> 192.1.12.1.5) and ACL (permit ip any any on outside
interface) on PIX. Plus statics on R1 and ASA1.
 
  What else is needed?

________________________________

From: Joshua Walton [mailto:[EMAIL PROTECTED] 
Sent: Saturday, December 29, 2007 5:42 PM
To: Anshul Arora (akarora); [email protected]
Subject: RE: [OSL | CCIE_Security] CCIE_Security Digest, Vol 18, Issue
13


before adding encryption it is a good idea to test basic routing so you
will know where to troubleshooting if needed.


Best Regards,
 
- Joshua R. Walton
  Senior Network Engineer 
  CCNP, CCSP, CCVP, INFOSEC



________________________________

        Subject: RE: [OSL | CCIE_Security] CCIE_Security Digest, Vol 18,
Issue 13
        Date: Sat, 29 Dec 2007 17:34:25 -0800
        From: [EMAIL PROTECTED]
        To: [EMAIL PROTECTED]; [email protected]
        
        
        SSH is not working. Seeing the following message in output.
         
        R1#ssh -l ipexpert 10.5.5.55
         
        *Dec 30 01:06:41.675: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of
Informational mode failed with peer at 10.5.5.55
        R1#
        R1#
        
        R1#ssh -l ipexpert 192.1.49.55
         
        R1#
         
        First of all, why R1 is not pinging ASA1? Secondly, If R1 is
able to ping ASA2 then why ssh connection did not establish (as seen in
the above output)?
         
        Attaching sh crypto output and pings from R1 suggesting that
peer relationship with both ASAs is established but still tunnel is not
formed.
         
        Appreciate any help.
        -Anshul
        
        
________________________________

        From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joshua
Walton
        Sent: Saturday, December 29, 2007 10:21 AM
        To: [email protected]
        Subject: Re: [OSL | CCIE_Security] CCIE_Security Digest, Vol 18,
Issue 13
        
        
        verify by SSH'ing to ASA1 and ASA2 from R1
         
        R1# ssh -l ipexpert 192.1.49.55 
         
         
        R1# ssh -l ipexpert 10.5.5.55
        
        
        
        Best Regards,
         
        - Joshua R. Walton
          Senior Network Engineer 
          CCNP, CCSP, CCVP, INFOSEC


        > From: [EMAIL PROTECTED]
        > Subject: CCIE_Security Digest, Vol 18, Issue 13
        > To: [email protected]
        > Date: Sat, 29 Dec 2007 12:00:03 -0500
        > 
        > Send CCIE_Security mailing list submissions to
        > [email protected]
        > 
        > To subscribe or unsubscribe via the World Wide Web, visit
        > http://onlinestudylist.com/mailman/listinfo/ccie_security
        > or, via email, send a message with subject or body 'help' to
        > [EMAIL PROTECTED]
        > 
        > You can reach the person managing the list at
        > [EMAIL PROTECTED]
        > 
        > When replying, please edit your Subject line so it is more
specific
        > than "Re: Contents of CCIE_Security digest..."
        > 
        > 
        > Today's Topics:
        > 
        > 1. Section 15 Task 7.6 (a): Management VPN (Anshul Arora
(akarora))
        > 
        > 
        >
----------------------------------------------------------------------
        > 
        > Message: 1
        > Date: Fri, 28 Dec 2007 20:22:21 -0800
        > From: "Anshul Arora (akarora)" <[EMAIL PROTECTED]>
        > Subject: [OSL | CCIE_Security] Section 15 Task 7.6 (a):
Management VPN
        > To: <[email protected]>
        > Message-ID:
        >
<[EMAIL PROTECTED]>
        > Content-Type: text/plain; charset="us-ascii"
        > 
        > Hi All,
        > 
        > I've R1 and ASA1 configured for secured communication through
IPsec
        > tunnel. The basic problem is that ASA1 can't ping R1 public IP
        > 192.1.12.15 and visa versa. Although R4 can ping R1.
        > Where do I enable ping from ASA1 to R1 so as to bring up the
tunnel?
        > 
        > The same setup is working for R1 and ASA2 tunnel communication
(Task b)
        > verifying that configuration on R1 and ASA is configured
correctly.
        > 
        > Attaching R1, R4 and ASA2 configs.
        > 
        > Appreciate any input.
        > -Anshul
        > 
        > -------------- next part --------------
        > An HTML attachment was scrubbed...
        > URL:
http://onlinestudylist.com/pipermail/ccie_security/attachments/20071228/
63c485b9/attachment-0001.html
        > -------------- next part --------------
        > An embedded and charset-unspecified text was scrubbed...
        > Name: ASA1.txt
        > Url:
http://onlinestudylist.com/pipermail/ccie_security/attachments/20071228/
63c485b9/ASA1-0001.txt
        > -------------- next part --------------
        > An embedded and charset-unspecified text was scrubbed...
        > Name: R1.txt
        > Url:
http://onlinestudylist.com/pipermail/ccie_security/attachments/20071228/
63c485b9/R1-0001.txt
        > -------------- next part --------------
        > An embedded and charset-unspecified text was scrubbed...
        > Name: R4.txt
        > Url:
http://onlinestudylist.com/pipermail/ccie_security/attachments/20071228/
63c485b9/R4-0001.txt
        > 
        > End of CCIE_Security Digest, Vol 18, Issue 13
        > *********************************************
        

Reply via email to