I am attempting to connect two offices via an IPSec tunnel. My side is using an 1841 with the AdvSec package (and existing IPSec tunnels on a different interface), and the other office is using a Linksys WRVS4400N VPN router.
I've got both sides configured properly for the tunnel and can see Phase 1 IKE, but Phase 2 fails. Has anyone successfully used these devices to peer? I am using mostly default values for the setup: 3DES, SHA1, DH group 2, etc.
Got the tunnel up and talking, the issue was a misconfiguration on the Linksys VPN router. Now that they are talking the Cisco SDM shows the tunnel status as "up", yet I cannot ping any of the hosts on the destination network. When I use the SDM diagnostic tool, it comes back with:
"A ping with data size of this VPN interface MTU size and 'Do not Fragment' bit set to the other end VPN device is failing. This may happen if there is a lesser MTU network which drops the 'Do not fragment' packets."
I did a search on Google and found a forum post from someone with the same problem...but the last post was from the user, saying "issue resolved it was a routing problem" with no specifics.
As far as the traffic is concerned, are you saying that you are not able to even send a ping packet with 100 bytes across the tunnel? It may or may not be an MTU issue and could be a misconfiguration on the ASA or Linksys. When you try to ping a remote host across the tunnel, what do you see under encrypts and decrypts? Can you post a copy of your configuration along with "show crypto ipsec sa" outputs and also the source and destination IP addresses of your traffic?
As of now, I am unable to ping any host in the destination network (192.168.6.0 /24). Nor am I able to ping the inside interface on the destination router (192.168.6.1). The other side, however, is able to ping the inside interface on my router (192.168.3.1). But they cannot ping any hosts inside my network.
When I run a "sh crypto eng connection active" I can see the encrypt/decrypt happening for each ping they send to my router, but nothing at all when I try to send a ping out.
A "sh crypto isa sa" shows MM_NO_STATE for the tunnel.
On a side note: I also set up a client VPN group on this router. They can connect successfully and ping the router (192.168.3.1) but cannot access any inside hosts either. Pings fail, as does any other method of accessing inside hosts when connected successfully via VPN.