VPN tunnel only works initially from one end ???

rico_hao40 · ‎08-01-2007

I have a VPN LAN2LAN tunnel between ASA and 827. The issue is if session initiate from 827 to ASA, the tunnel can established but no traffic can get through???

if session initiate from ASA to 827 everything is working. Then the session can initiate both way??

Below is ASA error log if session from 827 to ASA:

"Aug 01 2007 12:32:19: %ASA-7-710006: ESP request discarded from 76.x.x.x (827) to outside:x.x.x.x (ASA)"

I already enabled isakmp and vpn-map on outside interface.

Need help

Thanks

Jon Marshall · ‎08-01-2007

Hi

Could you post configs of ASA / 837 together with the source and destination IP's.

Please remove any sensitive info eg keys, passwords etc. from configs.

Jon

purohit_810 · ‎08-01-2007

Hi,

710006

Error Message %PIX|ASA-7-710006: protocol request discarded from source_address to

interface_name:dest_address

Explanation This message appears when the security appliance does not have an IP server that services the IP protocol request; for example, the security appliance receives IP packets that are not TCP or UDP, and the security appliance cannot service the request.

Recommended Action In networks that heavily utilize broadcasting services such as DHCP, RIP or NetBios, the frequency of this message can be high. If this message appears in excessive numbers, it may indicate an attack.

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html#wp1285757

Regards,

Dharmesh Purohit

saquib.mkhan · ‎07-24-2008

Hi,

Were you able to resolve the issue above and what was the resolution ?

Much appreciated.

rsgamage1 · ‎07-30-2008

Below is ASA error log if session from 827 to ASA:

"Aug 01 2007 12:32:19: %ASA-7-710006: ESP request discarded from 76.x.x.x (827) to outside:x.x.x.x (ASA)"

Is this the only notable message you got?

Have you gone through the logs to see what IKE phase 1 and phase 2 processes indicate when attempted from each side?