VPN on ASA...after connection, no bytes transmitted or received?

accesshollywood2 · ‎07-08-2008

Hey all,

I set up a regular IPsec VPN connection into my work.

THe problem is once i am connected, i cant get to anything on our network. I look at the session on the ASA and no bytes are transmitted or received.

I am sure this is something small...any ideas?

Dustin

nomair_83 · ‎07-08-2008

You mean..no bytes at show crypto ipsec sa?

If yes then enable nat traversal and sysopt permit connection ipsec.

R/g

accesshollywood2 · ‎07-08-2008

i dont know how to do that?

Can you help me out?

accesshollywood2 · ‎07-08-2008

oh wait...it is enabled.. im sorry.. i had a brain freeze for a minute... but.. i dont see SYSOPT permit connection ipsec

accesshollywood2 · ‎07-08-2008

I attached where it isnt TX or RX... let me know what you think... thanks!!!!

a.alekseev · ‎07-08-2008

show the configuration.

accesshollywood2 · ‎07-08-2008

see attachment... thank you soo much!

Dustin

a.alekseev · ‎07-08-2008

try to add this

crypto isakmp ipsec-over-tcp port 10000

group-policy himgvpn attributes

ipsec-udp enable

crypto isakmp nat-traversal

accesshollywood2 · ‎07-08-2008

I will do.. can you tell me what this does?

sorry i am still learning this stuff.. seems really complicated at times :)

Dustin

nomair_83 · ‎07-09-2008

Just add crypto isakmp nat traversal 10.

Regards,

accesshollywood2 · ‎07-09-2008

I am getting bytes received on the ASA, but none transmitted... i think we are getting close...!!!!!!!!!!!!!

a.alekseev · ‎07-09-2008

crypto isakmp ipsec-over-tcp port 10000 (IPSec over TCP, Cisco's proprietary, by default uses TCP port 10000)

ipsec-udp enable (IPSec over UDP, Cisco's proprietary, force the other side, if it supports, do IPSec over UDP, by default uses UDP port 10000)

crypto isakmp nat-traversal (NAT-T, RFC standard, take preference over "ipsec-udp enable". If both peers support NAT-T and NAT was detected in isakmp phase MM3/MM4, they will use IPSec over UDP with port 4500)