VPN on ASA 5510 doesn't come up

marcio.tormente
Level 4

Hello guys!

 

I'm trying to create a new VPN, but it is not coming up.

First, I have a route-map on my core switch that says to redirect the traffic to the internet firewall when the source and destination relate to the VPN.

On the firewall I can see two different logs:

Phase: 10
Type: VPN
Subtype: encrypt
Result: DROP
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xb00b8f50, priority=70, domain=encrypt, deny=false
hits=538, user_data=0x0, cs_id=0xb416f040, reverse, flags=0x0, protocol=0
src ip=SITEL-CIELO-TRAINNING, mask=255.255.255.0, port=0
dst ip=10.82.10.87, mask=255.255.255.255, port=0, dscp=0x0

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside-lp
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

 

And 

IKE Peer: 201.x.x.x
Type : user Role : initiator
Rekey : no State : MM_WAIT_MSG2

I saw in some documentation that this message, "MM_WAIT_MSG2", means that I'm not receiving an answer from the other side. But they said that they can't receive any traffic from my side.

 

Does anyone know what can be done?

 

Thanks


Hi @marcio.tormente

Actually, this message means that your peer sent encr/hash/dh as the initiator and is waiting for a response. If the other end did not receive this message, your end stays in this status.

Do you have basic connectivity? I mean, can you ping the remote peer?

 

-If I helped you somehow, please, rate it as useful.-

Hello Flavio,

 

Thanks for your support.

 

Yes, from my firewall I can ping the remote site.

In this situation, four-hands troubleshooting is necessary. As per the logs, packets look to be stopping somewhere. Both ends need to validate their sides and make sure packets get to the destination.

A Phase 1 problem is basically a network problem.

 

 

-If I helped you somehow, please, rate it as useful.-
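
A small triage helper for the two outputs quoted in this thread, added here as an example and not posted by any participant: it parses the packet-tracer text and the IKE SA listing, then reports a dropped phase and an initiator waiting in MM_WAIT_MSG2. The sample input is constructed (abridged from the thread's output) and all function names are hypothetical.

```python
import re

# Constructed sample input, abridged from the two outputs quoted in the thread.
PACKET_TRACER = """Phase: 10
Type: VPN
Subtype: encrypt
Result: DROP

Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""
ISAKMP_SA = """IKE Peer: 201.x.x.x
Type : user Role : initiator
Rekey : no State : MM_WAIT_MSG2
"""

def parse_packet_tracer(text):
    """Split on blank lines; return (list of phase dicts, final result dict)."""
    phases, summary = [], {}
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(re.findall(r"^([\w-]+):[ \t]*(.*)$", block, re.M))
        if "Phase" in fields:
            phases.append(fields)
        elif "Action" in fields:
            summary = fields
    return phases, summary

def parse_isakmp_sa(text):
    """Return peer, role and state for each 'IKE Peer' entry."""
    pat = r"IKE Peer:\s*(\S+).*?Role\s*:\s*(\w+).*?State\s*:\s*(\w+)"
    return [dict(zip(("peer", "role", "state"), m.groups()))
            for m in re.finditer(pat, text, re.S)]

def triage(phases, summary, sas):
    """Turn the parsed outputs into short findings for both ends to check."""
    findings = []
    for p in phases:
        if p.get("Result") == "DROP":
            reason = summary.get("Drop-reason", "no drop reason shown")
            findings.append(f"phase {p['Phase']} {p['Type']}/{p['Subtype']} dropped: {reason}")
    for sa in sas:
        if sa["role"] == "initiator" and sa["state"] == "MM_WAIT_MSG2":
            findings.append(f"{sa['peer']}: first main-mode message sent, no reply seen; "
                            "a working ping (ICMP) does not show UDP/500 passes both ways")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(*parse_packet_tracer(PACKET_TRACER), parse_isakmp_sa(ISAKMP_SA))))
```
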
