3

Problems with ipsec betwen Cisco ASA 5505 and Juniper ssg5

view full story
linux-howto

http://serverfault.com – I am trying to set up an ipsec tunnel between our ASA 5505 and a Juniper ssg5. The tunnel is up and running, but I cannot get any data through it. The local network I am on is 172.16.1.0 and the remote is 192.168.70.0. But I cannot ping anything on their netowork. I receive a "Phase 2 OK" when I set up the ipsec. I think this is the part of the config that is applicable. It seems like the data is not routed through the tunnel, but I am not sure... object network our-network subnet 172.16.1.0 255.255.255.0 object network their-network subnet 192.168.70.0 255.255.255.0 access-list outside (HowTos)

xskl's picture
Submitted by xskl on 03/25/2012 – Made popular on 03/25/2012

Stories similar to Problems with ipsec betwen Cisco ASA 5505 and Juniper ssg5

I'm completely lost as to how to why this doesn't work. I can't ping, much less reach resources on the other side.

Site2Site tunnel via SSL VPN? 18 weeks 6 days ago

i have tried convincing my opposite office of the tunnel in question to get site-2-site ipsec up and running.

However they are not really into that and run everything via SSL VPN..

Is it possible to create a site to site tunnel via SSL VPN?

How i would setup the ipsec on our Cisco ASA 5505

local net 192.168.0.0/18 remote net 10.50.0.0/18 IKE proposal pre-share-3des-sha, pre-share-aes-256-sha I

NETKEY IPsec and ARP 1 year 8 weeks ago

I'm wondering if I have the correct routing setup for an IPsec tunnel. I have control over the IPsec endpoints and the hosts connected to one side. These hosts are connecting to the tunnel so that they have access to the network on the other side of what I will call the IPsec server.

I recieved a list of commands that were run on the right side of the VPN tunnel which is where the Cisco ASA resides. On my side, I have a linux based firewall running debian with openswan installed.

I have the following situation:

Client subnet(192.168.0.0 /24)---->Router---->Internet---->ASA(172.17.0.2 /24)---->(172.17.0.1 /24)Gateway---->(10.0.0.0 /8)Many subnets

I need to logically connect the client subnet to the "many subnets". On the left side I have a Cisco 2901 and on the other an ASA. I built an IPsec connection between the router and the ASA. The IPsec connection itself works bu

I have had a IPSEC connection setup between two firewalls. Now I want to remove the tunnel in my firewall, a "Fortigate 60".

There are two phases, "Phase 1" and "Phase 2" for each IPSEC connection. I can delete the "Phase 2" entry by clicking the trashcan icon (in the web interface), but there is not such icon for "Phase 1".

VPN Tunnel to work network 17 weeks 5 days ago

I have an IPSec tunnel between work and home, with a pfSense firewall on both ends. The VPN works fine, although I never got DNS to work properly across sites, and I use Host Overrides in the DNS forwarder settings on both ends to be able to access remote machines by name.

I have an host in Amazon EC2 which is configured with an OpenVPN Access Server. The only client to this server is acting as a gateway from a private network. I installed StrongSWAN 5 on the same host to allow windows 7 and iOS clients to connect using IPSEC. Both services works but what I cannot figure out is how to configure StrongSWAN to consider the OpenVPN tunnel endpoint as the only gateway a

I am having trouble with a site to site tunnel. Both routers are centos based routers. Router A is the server, and router B is the client.

The VPN tunnel is established. From router B, I can ping anything on the network of router A. From router A (and the network behind it),

I cannot ping anything on the network behind router B, or behind router A.

So basically, router B is the only node that