
Impossible to pass data traffic on an established IPSec tunnel (PIX to PIX)

Unanswered Question
Jun 18th, 2002

Using provider access for the Internet connection.

Impossible to ping a remote workstation through an IPSec tunnel; the VPN seems to be correctly established (show crypto isakmp sa --> tunnel created).

If I replace the Internet network with a router, everything works fine: the tunnel goes up and I can ping the workstation on the other side. The router is configured with the public IP address given by the two providers.

To summarize, with a router simulating the Internet network --> it's OK

When using the real Internet network --> the tunnel goes up but it is impossible to pass data traffic on it.

cjacinto Sat, 06/22/2002 - 22:10
User Badges: Cisco Employee

Have you checked if your ISP is not blocking ESP or AH (depending on your transform set) packets? These are protocols 50 and 51 (not port nos.).


Second, is there a device doing NAT in the middle of the peers?


Third, check the debugs to see which phase is failing, phase 1 or 2?

See pointers on:

http://www.cisco.com/warp/customer/110/ipsec_tun_pass_data.html
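
The first check in the reply above, as an added example that is not part of the original thread: a classifier for raw IPv4 packets captured on the local peer's outside interface that separates ISAKMP (UDP port 500) from ESP/AH (IP protocol 50/51) and flags the case where negotiation flows both ways but protected traffic only leaves. The addresses, the helper names and both sample captures are constructed for illustration.

```python
import struct
from collections import Counter

# Constructed documentation addresses (assumptions, not from the thread).
LOCAL, PEER = "192.0.2.1", "198.51.100.1"

def ipv4(src, dst, proto, payload=b""):
    """Build a 20-byte IPv4 header (checksum left 0) plus payload, for test data."""
    pack = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, pack(src), pack(dst)) + payload

def udp(sport, dport):
    """Build an 8-byte UDP header with no data."""
    return struct.pack("!HHHH", sport, dport, 8, 0)

def classify(pkt):
    """Return (direction, kind) for one raw IPv4 packet seen at LOCAL."""
    ihl = (pkt[0] & 0x0F) * 4                      # header length in bytes
    proto = pkt[9]                                 # IP protocol field, not a port
    src = ".".join(str(b) for b in pkt[12:16])
    direction = "out" if src == LOCAL else "in"
    if proto in (50, 51):
        return direction, "ESP" if proto == 50 else "AH"
    if proto == 17:                                # UDP: ports exist only here
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if 500 in (sport, dport):
            return direction, "ISAKMP"
    return direction, "other"

def diagnose(packets):
    """Flag the 'tunnel up, no data' pattern: IKE both ways, ESP/AH one way."""
    seen = Counter(classify(p) for p in packets)
    ike_both = seen[("out", "ISAKMP")] and seen[("in", "ISAKMP")]
    for kind in ("ESP", "AH"):
        if ike_both and seen[("out", kind)] and not seen[("in", kind)]:
            return f"ISAKMP both ways, {kind} outbound only: check filtering or NAT"
    return "no one-way ESP/AH pattern"

# Constructed capture: negotiation runs over UDP 500, ESP never comes back.
BROKEN = [ipv4(LOCAL, PEER, 17, udp(500, 500)), ipv4(PEER, LOCAL, 17, udp(500, 500)),
          ipv4(LOCAL, PEER, 50, b"\x00" * 8), ipv4(LOCAL, PEER, 50, b"\x00" * 8)]
HEALTHY = BROKEN + [ipv4(PEER, LOCAL, 50, b"\x00" * 8)]

if __name__ == "__main__":
    print(diagnose(BROKEN))
    print(diagnose(HEALTHY))
```
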

