07-08-2008 07:46 AM
Hey all,
I set up a regular IPsec VPN connection into my work.
The problem is once I am connected, I can't get to anything on our network. I look at the session on the ASA and no bytes are transmitted or received.
I am sure this is something small... any ideas?
Dustin
07-08-2008 10:21 AM
You mean..no bytes at show crypto ipsec sa?
If yes then enable nat traversal and sysopt permit connection ipsec.
R/g
07-08-2008 11:04 AM
I don't know how to do that?
Can you help me out?
07-08-2008 11:09 AM
Oh wait... it is enabled. I'm sorry, I had a brain freeze for a minute... but I don't see SYSOPT permit connection ipsec
07-08-2008 11:18 AM
07-08-2008 01:40 PM
show the configuration.
07-08-2008 02:59 PM
07-08-2008 03:24 PM
Try to add this:
crypto isakmp ipsec-over-tcp port 10000
group-policy himgvpn attributes
 ipsec-udp enable
crypto isakmp nat-traversal
07-08-2008 03:28 PM
I will do. Can you tell me what this does?
Sorry, I am still learning this stuff... seems really complicated at times :)
Dustin
07-09-2008 03:42 AM
Just add crypto isakmp nat-traversal 10.
Regards,
07-09-2008 05:40 AM
I am getting bytes received on the ASA, but none transmitted... I think we are getting close...!!!!!!!!!!!!!
07-09-2008 05:33 AM
crypto isakmp ipsec-over-tcp port 10000 (IPSec over TCP, Cisco proprietary, by default uses TCP port 10000)
ipsec-udp enable (IPSec over UDP, Cisco proprietary, forces the other side, if it supports it, to do IPSec over UDP, by default uses UDP port 10000)
crypto isakmp nat-traversal (NAT-T, RFC standard, takes preference over "ipsec-udp enable". If both peers support NAT-T and NAT was detected in isakmp phase MM3/MM4, they will use IPSec over UDP with port 4500)
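An added example, not part of the thread and not Cisco's own tooling: a small Python parser that reads the packet counters and encapsulation setting from `show crypto ipsec sa` output and reports the two symptoms described above (no bytes in either direction; bytes received but none transmitted). The sample output is constructed, and the `UDP-Encaps` and `TCP-Encaps` token names are assumptions.

```python
import re

# Constructed sample modeled on `show crypto ipsec sa` output from an ASA;
# peers, users and counters are invented for illustration.
SAMPLE = """\
      current_peer: 198.51.100.7, username: user1
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 57, #pkts decrypt: 57, #pkts verify: 57
         in use settings ={RA, Tunnel,  NAT-T-Encaps, }
      current_peer: 203.0.113.20, username: user2
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
         in use settings ={RA, Tunnel, }
"""

# Encapsulation token -> transport, using the ports given in the thread.
# UDP-Encaps and TCP-Encaps are assumed names; adjust to your device's output.
PORTS = {
    "NAT-T-Encaps": "NAT-T, UDP 4500",
    "UDP-Encaps": "IPsec over UDP, UDP 10000",
    "TCP-Encaps": "IPsec over TCP, TCP 10000",
}

def parse_sas(text):
    """Return one dict per peer: peer, encaps, decaps, transport."""
    sas = []
    for line in text.splitlines():
        if m := re.search(r"current_peer:\s*([\d.]+)", line):
            sas.append({"peer": m.group(1), "encaps": 0, "decaps": 0,
                        "transport": "plain ESP"})
        elif sas and (m := re.search(r"#pkts (encaps|decaps):\s*(\d+)", line)):
            sas[-1][m.group(1)] = int(m.group(2))
        elif sas and (m := re.search(r"in use settings\s*=\{(.*)\}", line)):
            for token in (t.strip() for t in m.group(1).split(",")):
                if token in PORTS:
                    sas[-1]["transport"] = PORTS[token]
    return sas

def traffic_state(sa):
    """Classify the counters the way the thread describes the symptoms."""
    sent, received = sa["encaps"] > 0, sa["decaps"] > 0
    if sent and received:
        return "bidirectional"
    if received:
        return "received only"  # bytes received on the ASA, none transmitted
    return "transmitted only" if sent else "no traffic"

if __name__ == "__main__":
    for sa in parse_sas(SAMPLE):
        print(sa["peer"], "|", sa["transport"], "|", traffic_state(sa))
```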