01-25-2010 04:53 AM
Dear All,
I am facing an issue continuously when configuring a VPN connection with any client. What is happening is that the tunnel is a one-sided initiation, meaning that I have to send some packets from my side so the other side will be able to connect to my servers. Otherwise my client will keep trying to hit my servers, but he will only be transmitting bytes, with nothing received from my side.
It happens with certain connections, not all.
I am using a Cisco ASA 5540.
I have checked everything (keepalive, SA lifetime, and other things) without any success.
Awaiting your feedback.
01-28-2010 10:02 AM
This type of problem is typically caused by routing and/or NAT issues. First, ensure your encryption domain definitions (ACLs) match. Second, unless the client uses its VPN device as its DFG, have them make sure they have routes in place for your address space. Finally, have the client make sure they are NATing correctly.
James
01-28-2010 02:25 PM
Hey there ...
First of all, thanks for the response; it really expands my troubleshooting process ...
Regarding the NATing ... both sides are using public IPs, so I don't think NATing is used at both sides.
In the ASA, do I have to configure the ACL in both directions ... or is one way enough?
I will definitely have the client check the routes at their side ...
Thanks again ..
01-29-2010 01:52 AM
Your ACL should look something like this...
ip access-list ENCRYPT_THIS
permit ip your network his network
The client's ACL should look like this...
ip access-list ENCRYPT_THIS
permit ip his network your network
James
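The mirrored-ACL requirement from the reply above can be checked mechanically. The following is an added example, not part of the original thread: it parses ASA-style `access-list ... extended permit ip` lines from both peers and lists entries that have no exact mirror on the other side. The addresses are constructed samples, and the remote side's encryption domain is assumed to be written in the same syntax for comparison.

```python
import ipaddress

def parse_crypto_acl(text):
    """Return the set of (source, destination) networks found in
    'access-list NAME extended permit ip SRC DST' lines."""
    def take(tokens):
        # Consume one address spec: 'host A.B.C.D' or 'A.B.C.D MASK'.
        if tokens[0] == "host":
            return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
        net = ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False)
        return net, tokens[2:]

    pairs = set()
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"] or "permit" not in tokens:
            continue
        rest = tokens[tokens.index("permit") + 2:]  # skip 'permit' and 'ip'
        src, rest = take(rest)
        dst, _ = take(rest)
        pairs.add((src, dst))
    return pairs

def mirror_mismatches(local_acl, remote_acl):
    """Entries on either peer with no exact mirror image on the other."""
    local = parse_crypto_acl(local_acl)
    remote = parse_crypto_acl(remote_acl)
    local_view_of_remote = {(dst, src) for src, dst in remote}
    return {
        "local_only": sorted(local - local_view_of_remote, key=str),
        # Flip back so the entry reads the way the remote peer wrote it.
        "remote_only": sorted(
            {(d, s) for s, d in local_view_of_remote - local}, key=str),
    }

# Constructed sample configs: the first pair disagrees on the prefix length
# of the local network (/16 vs /24); the second pair is a correct mirror.
LOCAL_ACL = """
access-list ENCRYPT_THIS extended permit ip 10.1.0.0 255.255.0.0 192.168.50.0 255.255.255.0
access-list ENCRYPT_THIS extended permit ip host 10.1.9.10 192.168.60.0 255.255.255.0
"""
REMOTE_ACL = """
access-list ENCRYPT_THIS extended permit ip 192.168.50.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list ENCRYPT_THIS extended permit ip 192.168.60.0 255.255.255.0 host 10.1.9.10
"""

if __name__ == "__main__":
    for side, entries in mirror_mismatches(LOCAL_ACL, REMOTE_ACL).items():
        for src, dst in entries:
            print(f"{side}: {src} -> {dst} has no mirror on the peer")
```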
01-28-2010 04:24 PM
Hi Ahmed,
Is this firewall in a production network? Check whether NAT-T is enabled on the firewall.
Try adding the command "crypto isakmp nat-t 20" on both ends and revert.
Regards,
Pradhuman
02-14-2010 08:46 PM
Hey guys ....
I have checked all your suggestions; nothing seems to work ...
I think it might be a problem of integrating different platforms, because the other side is using another VPN device (Check Point).
Thanks all for your help ...