Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
968
Views
10
Helpful
20
Replies

RA VPN issue asa5505

mcsystems
Level 1
Level 1

‎03-16-2007 03:30 PM - edited ‎02-21-2020 02:55 PM

please excuse me while i get my head around this thing.

policy problem. very simple setup.

getting: 2 Mar 16 2007 14:51:24 106006 xx.202.120.109 xx.129.14.162 Deny inbound UDP from xx.xx.120.109/500 to xx.xx.14.162/500 on interface outside

no web or hardclient. just static routing table and ravpn.

tia.

Labels:
0 Helpful
20 Replies 20

mcsystems
Level 1
Level 1
In response to acomiskey

‎03-17-2007 05:26 PM

5 Mar 18 2007 00:15:36 111008 User 'enable_15' executed the 'sysopt connection permit-vpn' command.

5 Mar 18 2007 00:15:59 111008 User 'enable_15' executed the 'sysopt connection permit-ipsec' command.

2 Mar 18 2007 00:15:01 106006 xxx.xxx.xxx.16 xxx.xxx.xxx.162 Deny inbound UDP from xxx.xxx.xxx.16/500 to xxx.xxx.xxx.162/500 on interface outside

if you wanted to email me. that email works. either way i appreciate your time and patience!

0 Helpful

Kamal Malhotra
Cisco Employee
Cisco Employee
In response to mcsystems

‎03-17-2007 08:22 PM

Please try the following:

no crypto isakmp enable outside

crypto isakmp enable outside

cry isak iden add

HTH,

Please rate if it helps,

Regards,

Kamal

0 Helpful

mcsystems
Level 1
Level 1
In response to Kamal Malhotra

‎03-18-2007 11:33 AM

applied, still no go. in addition acomiskey suggested removing a line of my routing table which was good idea, but did not resolve. including new running config if anyone has any further thoughts. thanks Kamal and acomiskey. your thoughts and suggestions are very helpful. will rate. !att

0 Helpful

kaachary
Cisco Employee
Cisco Employee
In response to mcsystems

‎03-18-2007 12:27 PM

Do you have VPN clients connecting from inside to some server outside ? In other words, do you have this ASA as an ipsec passthrough also ?

if you have a spare public ip address, Try changing the PAT statement to

global (outside) 1

instead of using interface to pat the traffic. There's a known issue with interface PAT with VPN connections.

Let me know if it helps.

-Kanishka

0 Helpful

kaachary
Cisco Employee
Cisco Employee
In response to kaachary

‎03-18-2007 12:29 PM

Also, what logs you are getting on VPN client ?

0 Helpful

mcsystems
Level 1
Level 1
In response to kaachary

‎03-18-2007 04:53 PM

after my Nth config factory-restore and reconfig (with no changes) for no apparent reason the ipsec vpn started connecting. i have not as of yet compared the running config line by line, but will post if some difference is found. in addition now my ASDM interface status constantly blinks from "no ip address" to being down to n/a?. i know i did something to make that steady the last time. thanks again for all that attempted to ease my pain.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents