Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
338
Views
0
Helpful
1
Replies

Impossible to pass data traffic on an established IPSec tunnel (PIX to PIX)

eric.crucis
Level 1
Level 1

‎06-18-2002 04:42 AM - edited ‎02-21-2020 11:48 AM

Using Provider access for Internet connexion.

Impossible to ping a remote workstation through a IPSec tunnel, VPN seems to be correctly established (show crypto isakmp sa --> tunnel created)

If i replace the Internet network with a router, every thing works fine, tunnel goes up and i can ping the workstation to the othe side. router is configured with public ip address given by the two providers.

To resume, with a router simulating the Internet network --> it's OK

When using real Internet Network --> tunnel goes up but impossible to pass data traffic on it.

Labels:
0 Helpful
1 Reply 1

cjacinto
Cisco Employee
Cisco Employee

‎06-22-2002 10:10 PM

Have you checked if your ISP is not blocking esp or ah (depending on your transform set) packets. This are protocol 50 and 51 (not port nos).

Second is there a device doing nat in the middle of the peers?

Third check the debugs, to see which phase it is failing, phase 1 or 2?

See pointers on:

http://www.cisco.com/warp/customer/110/ipsec_tun_pass_data.html

0 Helpful
Customers Also Viewed These Support Documents