First off, not a network engineer. This built using guides from Meraki.
For the purpose of this, ASA is local, Meraki is remote. Also, I'm doing this via ASDM on the ASA.
Tunnel is up, at least according to Meraki dashboard. I get the little green light in the non-meraki peers section of VPN Status page.
Back at my ASA:
- I built the network objects for each remote network (4 in total) and put them into a network object group (Business-Office).
- I built an ACL listing all applicable Local Networks and the Remote Business-Office grp obj are permitted to talk.
- Created the Tunnel Group, CryptoMap (set to bi-directional), and applied everything to our External interface.
As I said, Meraki side says tunnel is up.
On Meraki Dash:
- Created a non-Meraki peer pointing to public ip of ASA
- Defined the private subnets that the ASA would be allowing over
- IPSec Policies are Default
- PSK same as set in ASA
- Availability set to entire Business Office tag (made sure to tag the network in the dashboard).
- Inbound/Outbound rules for tunnel set to Any across the board.
I can't for the life of me figure out why I can't access networks in either direction.
Any input would be greatly appreciated.
No comments:
Post a Comment