VPN config

Jul 10th, 2008

Morning all

I am attempting to establish a secure VPN tunnel with a vendor. They use a Sonicwall fw, I am using an ASA 5520. I think my side is configured correctly. We agree on the config parameters, hashing, encryption, shared key etc. but I can ping their IP from everywhere on the 'net and they cannot see my NATted IP. I can do a traceroute to theirs from anywhere. I should mention they are located in Bangalore. Is there any known issue concerning this configuration? Any ideas?

stephen.stack Thu, 07/10/2008 - 08:15


Have personally had this working before. As long as all security parameters are correct on both sides - should work!

Have you configured your ASA for an ACL to define interesting traffic?

Only when the ASA sees traffic coming from the subnet specified in the ACL will the IPSEC tunnel be built.

What do you mean by, they cannot see my NATted IP???

Can you do a sh log on the ASA and look to see if there are any ISAKMP Phase 1 or Phase 2 errors, or IPSEC errors. Post them here, and we will try to help out.
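
The interesting-traffic ACL described in the reply above, shown in a minimal ASA site-to-site configuration. This is an added example, not part of the original posts: it assumes pre-8.3 ASA syntax, and every name, address, policy value and key in it is a constructed placeholder.

```text
! Constructed values: local LAN 10.10.10.0/24, vendor LAN 10.20.20.0/24,
! vendor SonicWall peer 203.0.113.10. All object names are hypothetical.

! 1. Crypto ACL = "interesting traffic". The tunnel is negotiated only when
!    a packet matches this ACL. The vendor's SonicWall needs the mirror
!    image (their network as local, ours as remote), or Phase 2 will fail.
access-list VENDOR-CRYPTO extended permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0

! 2. NAT exemption (assumption: the vendor expects our real addresses).
!    NAT is applied before the crypto ACL is checked, so if the source is
!    translated toward the vendor instead, the crypto ACL must list the
!    translated address, not the real one.
access-list NONAT extended permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0
nat (inside) 0 access-list NONAT

! 3. Phase 1 (ISAKMP): must match the SonicWall's IKE proposal exactly.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28800

! 4. Phase 2 (IPsec) transform set: must match the SonicWall's proposal.
crypto ipsec transform-set VENDOR-TS esp-aes-256 esp-sha-hmac

! 5. Bind ACL, peer and transform set together and apply to the interface.
crypto map OUTSIDE-MAP 10 match address VENDOR-CRYPTO
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set transform-set VENDOR-TS
crypto map OUTSIDE-MAP interface outside

! 6. Pre-shared key for the peer.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key <shared-key-placeholder>

! Checks after sending traffic from 10.10.10.0/24 to 10.20.20.0/24:
!   show access-list VENDOR-CRYPTO          (hit count should increase)
!   show crypto isakmp sa                   (Phase 1 state for the peer)
!   show crypto ipsec sa peer 203.0.113.10  (encaps/decaps counters)
```

If the hit count on the crypto ACL stays at zero, no packet is matching the interesting-traffic definition and the ASA never starts ISAKMP, so the logs show no Phase 1 or Phase 2 messages for that peer.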



bud.nelson Thu, 07/10/2008 - 08:44

I did not see any ipsec or isakmp traffic from this particular tunnel. Due to time constraints we will attempt this again tomorrow morning and I will try to capture any debug info. Thanks.

