Re: VPN config

bud.nelson · ‎07-10-2008

Morning all

I am atempting to establish a secure VPN tunnel with a vendor. They use a Sonicwall fw, I am using an ASA 5520. I think my side is configure correctly. We agree on the config parameters, hashing,encryption, shared key etc. but I can ping their IP from everywhere on the 'net and they cannot see my NATted IP. I can do a traceroute to their from anywhere. I shold mention they are located in Bangalore. Is there any known issue concernig this configuration ? Any ideas ?

stephen.stack · ‎07-10-2008

HI,

Have personally had this working before. As long as all security parameters are correct on both sides - should work!

Hav you configured your ASA for an ACL to define interesting traffic.

only when the ASA sees traffic coming from the subnet specified in the ACL wil the IPSEC tunnel be built.

What do you mean by, they cannot see my NATted IP???

Can you do a sh log on the ASA and look to see if there is any ISAKMP Phase 1 or Phase 2 errors, or IPSEC errors. Post them here, and we will try to help out.

Regards

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

bud.nelson · ‎07-10-2008

I did not see any ipsec or isakmp traffic from this particular tunnel. Due to time constraints we will atempt this again tomorrow morning and I will ty to capture any debug info. Thanks.