VPN on ASA...after connection, no bytes transmitted or received?

Jul 8th, 2008


Hey all,


I set up a regular IPsec VPN connection into my work.


The problem is once I am connected, I can't get to anything on our network. I look at the session on the ASA and no bytes are transmitted or received.


I am sure this is something small...any ideas?



Dustin

nomair_83 Tue, 07/08/2008 - 10:21

You mean... no bytes at show crypto ipsec sa?

If yes then enable nat traversal and sysopt permit connection ipsec.

R/g

accesshollywood2 Tue, 07/08/2008 - 11:09

Oh wait... it is enabled. I'm sorry, I had a brain freeze for a minute... but I don't see SYSOPT permit connection ipsec.

a.alekseev Tue, 07/08/2008 - 15:24

Try to add this:

crypto isakmp ipsec-over-tcp port 10000
group-policy himgvpn attributes
 ipsec-udp enable
crypto isakmp nat-traversal

accesshollywood2 Tue, 07/08/2008 - 15:28

I will do. Can you tell me what this does?

Sorry, I am still learning this stuff... seems really complicated at times :)



Dustin

nomair_83 Wed, 07/09/2008 - 03:42

Just add crypto isakmp nat traversal 10.

Regards,

accesshollywood2 Wed, 07/09/2008 - 05:40

I am getting bytes received on the ASA, but none transmitted... I think we are getting close!

a.alekseev Wed, 07/09/2008 - 05:33

crypto isakmp ipsec-over-tcp port 10000 (IPSec over TCP, Cisco proprietary, by default uses TCP port 10000)

ipsec-udp enable (IPSec over UDP, Cisco proprietary, forces the other side, if it supports it, to do IPSec over UDP; by default uses UDP port 10000)

crypto isakmp nat-traversal (NAT-T, RFC standard, takes preference over "ipsec-udp enable". If both peers support NAT-T and NAT was detected in ISAKMP phase MM3/MM4, they will use IPSec over UDP with port 4500)
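
Added example, not part of any post in this thread: a Python script that reads `show crypto ipsec sa` output and labels each peer by the encaps/decaps counters the thread is checking (no bytes at first, then received but none transmitted). The sample text is constructed, its layout is an assumption modelled on ASA output, and the function names are hypothetical.

```python
import re

# Constructed sample; layout assumed to follow ASA `show crypto ipsec sa`.
# Addresses are documentation ranges, usernames are placeholders.
SAMPLE = """\
interface: outside
    Crypto map tag: dyn-map, seq num: 10, local addr: 198.51.100.1
      current_peer: 203.0.113.10, username: user1
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 42, #pkts decrypt: 42, #pkts verify: 42
      current_peer: 203.0.113.20, username: user2
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

PEER = re.compile(r"current_peer:\s*([0-9.]+)")
COUNTER = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sas(text):
    """Return {peer_ip: {"encaps": n, "decaps": n}}, summed over the peer's SAs."""
    sas, peer = {}, None
    for line in text.splitlines():
        m = PEER.search(line)
        if m:
            peer = m.group(1)
            sas.setdefault(peer, {"encaps": 0, "decaps": 0})
        elif peer:
            for name, value in COUNTER.findall(line):
                sas[peer][name] += int(value)
    return sas

def diagnose(c):
    """Label one peer's counters with the symptom they correspond to."""
    if c["encaps"] == 0 and c["decaps"] == 0:
        return "no traffic in either direction"
    if c["encaps"] == 0:
        return "receive only: packets decapsulated, none encapsulated back"
    if c["decaps"] == 0:
        return "transmit only: packets encapsulated, none decapsulated"
    return "bidirectional"

def report(text):
    """Return {peer_ip: diagnosis} for every peer found in the output."""
    return {peer: diagnose(c) for peer, c in parse_sas(text).items()}

if __name__ == "__main__":
    for peer, verdict in report(SAMPLE).items():
        print(f"{peer}: {verdict}")
```
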

