07-08-2008 07:46 AM
Hey all,
I set up a regular IPsec VPN connection into my work.
The problem is once I am connected, I can't get to anything on our network. I look at the session on the ASA and no bytes are transmitted or received.
I am sure this is something small...any ideas?
Dustin
07-08-2008 10:21 AM
You mean... no bytes at show crypto ipsec sa?
If yes then enable nat traversal and sysopt permit connection ipsec.
R/g
07-08-2008 11:04 AM
I don't know how to do that?
Can you help me out?
07-08-2008 11:09 AM
Oh wait... it is enabled. I'm sorry, I had a brain freeze for a minute... but I don't see SYSOPT permit connection ipsec.
07-08-2008 11:18 AM
07-08-2008 01:40 PM
show the configuration.
07-08-2008 02:59 PM
07-08-2008 03:24 PM
try to add this
crypto isakmp ipsec-over-tcp port 10000
group-policy himgvpn attributes
ipsec-udp enable
crypto isakmp nat-traversal
07-08-2008 03:28 PM
I will do. Can you tell me what this does?
Sorry, I am still learning this stuff. It seems really complicated at times :)
Dustin
07-09-2008 03:42 AM
Just add crypto isakmp nat-traversal 10.
Regards,
07-09-2008 05:40 AM
I am getting bytes received on the ASA, but none transmitted... I think we are getting close!
07-09-2008 05:33 AM
crypto isakmp ipsec-over-tcp port 10000 (IPsec over TCP, Cisco proprietary; by default uses TCP port 10000)
ipsec-udp enable (IPsec over UDP, Cisco proprietary; forces the other side, if it supports it, to do IPsec over UDP; by default uses UDP port 10000)
crypto isakmp nat-traversal (NAT-T, RFC standard; takes preference over "ipsec-udp enable". If both peers support NAT-T and NAT was detected in ISAKMP phase MM3/MM4, they will use IPsec over UDP with port 4500)
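Added example, not part of any post in the thread: a short Python check that reads an ASA configuration and reports which of the three encapsulation options described above are enabled, and which flows a firewall or ACL between the client and the ASA has to pass. The sample config is constructed from the commands quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the commands suggested in the thread, laid out as
# they would appear in a running-config (group-policy name from the thread).
SAMPLE_CONFIG = """\
crypto isakmp nat-traversal 10
crypto isakmp ipsec-over-tcp port 10000
group-policy himgvpn attributes
 ipsec-udp enable
"""

def nat_transparency(config):
    """Return which encapsulation options the config enables."""
    found = {"nat_t": False, "tcp_ports": [], "udp_policies": []}
    policy = None  # group-policy whose indented sub-commands we are reading
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # A new top-level command ends any group-policy block.
            m = re.match(r"group-policy (\S+) attributes$", line)
            policy = m.group(1) if m else None
        # Optional number is the keepalive; "no crypto ..." does not match.
        if re.match(r"crypto isakmp nat-traversal( \d+)?$", line):
            found["nat_t"] = True
        m = re.match(r"crypto isakmp ipsec-over-tcp port ([\d ]+)$", line)
        if m:
            found["tcp_ports"] = [int(p) for p in m.group(1).split()]
        if policy and line == "ipsec-udp enable":
            found["udp_policies"].append(policy)
    return found

def required_flows(found):
    """List the flows that must be allowed for each enabled option."""
    flows = ["udp/500 (IKE)", "ip/50 (ESP, only works with no NAT in path)"]
    if found["nat_t"]:
        flows.append("udp/4500 (NAT-T)")
    flows += [f"tcp/{p} (IPsec over TCP)" for p in found["tcp_ports"]]
    if found["udp_policies"]:
        # Default port as stated in the thread.
        flows.append("udp/10000 (IPsec over UDP, default port)")
    return flows

if __name__ == "__main__":
    for flow in required_flows(nat_transparency(SAMPLE_CONFIG)):
        print(flow)
```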