Cisco Support Community
New Member

Impossible to pass data traffic on an established IPSec tunnel (PIX to PIX)

Using provider access for Internet connection.

Impossible to ping a remote workstation through an IPSec tunnel; the VPN seems to be correctly established (show crypto isakmp sa --> tunnel created).

If I replace the Internet network with a router, everything works fine: the tunnel goes up and I can ping the workstation on the other side. The router is configured with the public IP address given by the two providers.

To summarize, with a router simulating the Internet network --> it's OK

When using real Internet Network --> tunnel goes up but impossible to pass data traffic on it.

1 REPLY
Cisco Employee

Re: Impossible to pass data traffic on an established IPSec tunn

Have you checked if your ISP is not blocking ESP or AH (depending on your transform set) packets? These are protocol 50 and 51 (not port nos).

Second, is there a device doing NAT in the middle of the peers?

Third, check the debugs to see which phase it is failing, phase 1 or 2?

See pointers on:

http://www.cisco.com/warp/customer/110/ipsec_tun_pass_data.html
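The first two checks in the reply above can be run against a packet capture from the outside interface. The following is an added example, not part of the original thread: it assumes raw IPv4 packets as input, and `classify`, `diagnose`, `make_packet` and the sample addresses are hypothetical names and constructed values.

```python
import socket
import struct
from collections import Counter

ESP, AH, UDP = 50, 51, 17  # IP protocol numbers, not TCP/UDP ports

def classify(packet):
    """Return (src_ip, kind) for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    src = socket.inet_ntoa(packet[12:16])
    proto = packet[9]                     # protocol field of the IP header
    if proto in (ESP, AH):
        return src, "esp" if proto == ESP else "ah"
    if proto == UDP and len(packet) >= ihl + 4:
        ports = struct.unpack("!HH", packet[ihl:ihl + 4])
        # UDP 4500 carries IKE/ESP when NAT traversal is in use; UDP 500 is plain IKE
        kind = "nat-t" if 4500 in ports else "ike" if 500 in ports else "other"
        return src, kind
    return src, "other"

def diagnose(packets, local_peer):
    """Summarise a capture taken on the local peer's outside interface."""
    seen = Counter()
    for pkt in packets:
        src, kind = classify(pkt)
        seen["out" if src == local_peer else "in", kind] += 1
    if seen["out", "nat-t"] or seen["in", "nat-t"]:
        return "nat-in-path"              # a NAT device sits between the peers
    if not (seen["out", "ike"] and seen["in", "ike"]):
        return "ike-not-bidirectional"
    for kind in ("esp", "ah"):
        out, inn = seen["out", kind], seen["in", kind]
        if out and inn:
            return kind + "-bidirectional"
        if out or inn:
            return kind + "-one-way"      # IKE passes but protocol 50/51 does not
    return "no-ipsec-data"

def make_packet(src, dst, proto, sport=0, dport=0):
    """Build a constructed IPv4 packet (checksum left at 0) for the sample."""
    body = struct.pack("!HHHH", sport, dport, 8, 0) if proto == UDP else bytes(8)
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return head + body

LOCAL, REMOTE = "192.0.2.1", "198.51.100.1"  # constructed documentation addresses
SAMPLE = [make_packet(LOCAL, REMOTE, UDP, 500, 500), make_packet(REMOTE, LOCAL, UDP, 500, 500),
          make_packet(LOCAL, REMOTE, ESP), make_packet(LOCAL, REMOTE, ESP)]
```

`diagnose(SAMPLE, LOCAL)` returns `esp-one-way`: IKE on UDP 500 is seen in both directions while ESP only leaves, which matches a tunnel that establishes but passes no data.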
