09-16-2010 08:42 AM
Please help. I cannot seem to establish a VPN tunnel from our clients to a remote network. I know it works fine from other locations so their end is taken care of. The VPN client is using L2TP-IPsec.
Here is my config if anyone has a suggestion.
ASA Version 8.2(2)19
!
hostname ****************
domain-name cisco.com
enable password ds4hdW4uvMnfKnfo encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 10.245.254.2 255.255.255.0
!
interface Ethernet0/1
 shutdown
 nameif Outside2
 security-level 100
 no ip address
!
interface Ethernet0/2
 nameif inside
 security-level 100
 ip address 10.245.253.1 255.255.255.0
!
interface Ethernet0/3
 shutdown
 nameif Inside2
 security-level 100
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 10.245.1.2 255.255.255.0
 management-only
!
boot system disk0:/asa822-19-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name cisco.com
same-security-traffic permit inter-interface
access-list outside_access_in remark Access Rule to Allow ESP traffic
access-list outside_access_in remark Access Rule to allow ISAKMP to *****
access-list outside_access_in remark Access Rule to allow port 4500 (NAT-T) to ****
access-list outside_access_in remark Access Rule to allow port 1701 (L2TP) to ****
access-list outside_access_in extended permit esp any host x.x.x.x
access-list outside_access_in extended permit udp any eq isakmp host x.x.x.x
access-list outside_access_in extended permit udp any eq 4500 host x.x.x.x
access-list outside_access_in extended permit udp any eq 1701 host x.x.x.x
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu Outside2 1500
mtu inside 1500
mtu Inside2 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-632.bin
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 101 0.0.0.0 0.0.0.0
nat (Inside2) 102 0.0.0.0 0.0.0.0
nat (management) 101 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.245.254.1 1
route inside 10.245.0.0 255.255.0.0 10.245.253.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.245.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint ASDM_TrustPoint0
 enrollment terminal
 subject-name CN=EASTON-DC-SR1-5510-1
 crl configure
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 10.245.0.0 255.255.0.0 inside
ssh timeout 30
console timeout 30
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username sshuser1 password QeDXBFUts7/E3/zS encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect pptp
!
service-policy global_policy global
prompt hostname context
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:b543d816efdf990fb43b2bde4b8f167a
: end
09-17-2010 11:56 AM
That was a tremendous step we just did.
No translations? So the computer is not going through the ASA it seems.
You have these commands:
global (outside) 101 interface
nat (inside) 101 0.0.0.0 0.0.0.0
That means that any computer on the internal network should be translated to the outside IP when going out.
Provide the following:
1. IP address of the PC
2. If you can PING the default gateway of the ASA from that PC (after enabling the ICMP inspection I told you before).
If we fix this, we will get the PCs out through the ASA and finally to where you want to go (the L2TP server).
Federico.
09-17-2010 12:54 PM
The IP of the host PC is 10.245.2.56. I can already ping the internal IP of the ASA. When you say it has to ping the default gateway of the ASA, which interface do you mean? The outside interface or the internal interface of the next hop router?
That will determine how I should set up ICMP inspection.
Sorry for the confusion.
09-17-2010 12:58 PM
You can PING the ASA so there's connectivity between the PC and the ASA.
Now, to allow traffic to pass through let's test a PING to the ASA's default gateway 10.245.254.1
From the PC, PING 10.245.254.1
It will now work until you inspect ICMP.
But this will show us traffic is indeed passing through.
Federico.
09-17-2010 01:01 PM
Ok, I added access-list outside_access_in permit icmp any any echo-reply and can now ping 10.245.254.1.
FYI...everyone here can get on the internet and do pretty much everything. It's just this L2TP client-based VPN connection to a remote location.
09-17-2010 01:07 PM
Traffic is passing through, the L2TP connection should work.
If it still does not work, you can do a capture:
capture in interface inside match ip host 10.245.2.56 host 64.x.x.x
capture in interface inside match ip host 64.x.x.x host 10.245.2.56
capture out interface outside match ip host 10.245.254.2 host 64.x.x.x
capture out interface outside match ip host 64.x.x.x host 10.245.254.2
sh cap in
sh cap out
This will show us the communication between your PC and the L2TP server (from the ASA's perspective).
Try the show commands for the capture after attempting the L2TP connection.
Federico.
09-17-2010 01:26 PM
Here are the results.
Sh in:
1: 13:06:58.415109 10.245.2.56.500 > 64.x.x.x.500: udp 384
2: 13:06:58.452170 64.x.x.x.500 > 10.245.2.56.500: udp 148
3: 13:06:58.458472 10.245.2.56.500 > 64.x.x.x.500: udp 260
4: 13:06:58.557008 64.x.x.x.500 > 10.245.2.56.500: udp 232
5: 13:06:58.560945 10.245.2.56.4500 > 64.x.x.x.4500: udp 72
6: 13:06:58.610564 64.x.x.x.4500 > 10.245.2.56.4500: udp 72
7: 13:06:58.613386 10.245.2.56.4500 > 64.x.x.x.4500: udp 320
8: 13:06:58.662746 64.x.x.x.4500 > 10.245.2.56.4500: udp 184
9: 13:06:58.664073 10.245.2.56.4500 > 64.x.x.x.4500: udp 64
10: 13:06:58.714165 64.x.x.x.4500 > 10.245.2.56.4500: udp 88
11: 13:06:58.716805 10.245.2.56.4500 > 64.x.x.x.4500: udp 148
12: 13:06:59.717263 10.245.2.56.4500 > 64.x.x.x.4500: udp 148
13: 13:07:01.717293 10.245.2.56.4500 > 64.x.x.x.4500: udp 148
14: 13:07:01.781530 64.x.x.x.4500 > 10.245.2.56.4500: udp 156
15: 13:07:01.782414 10.245.2.56.4500 > 64.x.x.x.4500: udp 60
16: 13:07:01.782521 10.245.2.56.4500 > 64.x.x.x.4500: udp 108
17: 13:07:01.834276 64.x.x.x.4500 > 10.245.2.56.4500: udp 52
18: 13:07:09.509205 64.x.x.x.4500 > 10.245.2.56.4500: udp 68
19: 13:07:09.510044 10.245.2.56.4500 > 64.x.x.x.4500: udp 92
20: 13:07:09.517154 10.245.2.56.4500 > 64.x.x.x.4500: udp 100
21: 13:07:09.572983 64.x.x.x.4500 > 10.245.2.56.4500: udp 52
22: 13:07:09.580002 64.x.x.x.4500 > 10.245.2.56.4500: udp 108
23: 13:07:09.580215 64.x.x.x.4500 > 10.245.2.56.4500: udp 100
24: 13:07:09.581039 10.245.2.56.4500 > 64.x.x.x.4500: udp 60
25: 13:07:09.626203 64.x.x.x.4500 > 10.245.2.56.4500: udp 108
26: 13:07:09.627134 10.245.2.56.4500 > 64.x.x.x.4500: udp 60
27: 13:07:09.688349 64.x.x.x.4500 > 10.245.2.56.4500: udp 108
28: 13:07:09.689310 10.245.2.56.4500 > 64.x.x.x.4500: udp 108
29: 13:07:09.689402 10.245.2.56.4500 > 64.x.x.x.4500: udp 68
30: 13:07:09.689432 10.245.2.56.4500 > 64.x.x.x.4500: udp 76
31: 13:07:09.689509 10.245.2.56.4500 > 64.x.x.x.4500: udp 76
32: 13:07:09.733345 64.x.x.x.4500 > 10.245.2.56.4500: udp 84
33: 13:07:09.735206 10.245.2.56.4500 > 64.x.x.x.4500: udp 108
34: 13:07:09.782735 64.x.x.x.4500 > 10.245.2.56.4500: udp 100
35: 13:07:09.783055 64.x.x.x.4500 > 10.245.2.56.4500: udp 60
36: 13:07:09.784184 10.245.2.56.4500 > 64.x.x.x.4500: udp 60
37: 13:07:09.839266 64.x.x.x.4500 > 10.245.2.56.4500: udp 60
38: 13:07:09.839998 10.245.2.56.4500 > 64.x.x.x.4500: udp 60
39: 13:07:09.840105 10.245.2.56.4500 > 64.x.x.x.4500: udp 84
40: 13:07:09.844774 64.x.x.x.4500 > 10.245.2.56.4500: udp 60
41: 13:07:09.844988 64.x.x.x.4500 > 10.245.2.56.4500: udp 60
42: 13:07:09.845430 10.245.2.56.4500 > 64.x.x.x.4500: udp 60
43: 13:07:09.845537 10.245.2.56.4500 > 64.x.x.x.4500: udp 60
44: 13:07:09.878097 64.x.x.x.4500 > 10.245.2.56.4500: udp 60
45: 13:07:09.883026 64.x.x.x.4500 > 10.245.2.56.4500: udp 60
46: 13:07:09.883972 10.245.2.56.4500 > 64.x.x.x.4500: udp 76
47: 13:07:09.950634 64.x.x.x.4500 > 10.245.2.56.4500: udp 76
48: 13:07:09.951763 10.245.2.56.4500 > 64.x.x.x.4500: udp 76
49: 13:07:09.995630 64.x.x.x.4500 > 10.245.2.56.4500: udp 76
50: 13:07:10.041745 10.245.2.56.4500 > 64.x.x.x.4500: udp 188
51: 13:07:13.042447 10.245.2.56.4500 > 64.x.x.x.4500: udp 188
52: 13:07:14.593520 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
53: 13:07:14.593719 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
54: 13:07:14.593871 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
55: 13:07:14.954296 10.245.2.56.4500 > 64.x.x.x.4500: udp 116
56: 13:07:15.343182 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
57: 13:07:15.343259 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
58: 13:07:15.343289 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
59: 13:07:15.704461 10.245.2.56.4500 > 64.x.x.x.4500: udp 116
60: 13:07:15.715432 10.245.2.56.4500 > 64.x.x.x.4500: udp 116
61: 13:07:16.093394 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
62: 13:07:16.093623 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
63: 13:07:16.093638 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
64: 13:07:16.454062 10.245.2.56.4500 > 64.x.x.x.4500: udp 116
65: 13:07:16.465018 10.245.2.56.4500 > 64.x.x.x.4500: udp 116
66: 13:07:16.843248 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
67: 13:07:16.843401 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
68: 13:07:16.843431 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
69: 13:07:16.893249 10.245.2.56.4500 > 64.x.x.x.4500: udp 108
70: 13:07:17.215351 10.245.2.56.4500 > 64.x.x.x.4500: udp 116
71: 13:07:17.537875 10.245.2.56.4500 > 64.x.x.x.4500: udp 116
72: 13:07:17.593490 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
73: 13:07:18.266740 10.245.2.56.4500 > 64.x.x.x.4500: udp 116
74: 13:07:18.287201 10.245.2.56.4500 > 64.x.x.x.4500: udp 116
75: 13:07:18.343320 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
76: 13:07:19.016356 10.245.2.56.4500 > 64.x.x.x.4500: udp 116
77: 13:07:19.037443 10.245.2.56.4500 > 64.x.x.x.4500: udp 116
78: 13:07:19.093317 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
79: 13:07:19.612288 10.245.2.56.4500 > 64.x.x.x.4500: udp 1
80: 13:07:19.766241 10.245.2.56.4500 > 64.x.x.x.4500: udp 116
81: 13:07:19.805393 10.245.2.56.4500 > 64.x.x.x.4500: udp 68
82: 13:07:19.891814 64.x.x.x.4500 > 10.245.2.56.4500: udp 68
83: 13:07:19.893203 10.245.2.56.4500 > 64.x.x.x.4500: udp 108
84: 13:07:19.917280 10.245.2.56.4500 > 64.x.x.x.4500: udp 76
85: 13:07:19.965877 64.x.x.x.4500 > 10.245.2.56.4500: udp 52
86: 13:07:19.966441 10.245.2.56.4500 > 64.x.x.x.4500: udp 76
87: 13:07:20.014632 64.x.x.x.4500 > 10.245.2.56.4500: udp 52
88: 13:07:20.017607 10.245.2.56.4500 > 64.x.x.x.4500: udp 128
89: 13:07:20.017897 10.245.2.56.4500 > 64.x.x.x.4500: udp 144
90: 13:07:20.058575 64.x.x.x.4500 > 10.245.2.56.4500: udp 96
91: 13:07:20.059872 64.x.x.x.4500 > 10.245.2.56.4500: udp 112
Sh out:
1: 13:06:58.415292 10.245.254.2.160 > 64.x.x.x.500: udp 384
2: 13:06:58.452140 64.x.x.x.500 > 10.245.254.2.160: udp 148
3: 13:06:58.458487 10.245.254.2.160 > 64.x.x.x.500: udp 260
4: 13:06:58.556993 64.x.x.x.500 > 10.245.254.2.160: udp 232
5: 13:06:58.561128 10.245.254.2.29565 > 64.x.x.x.4500: udp 72
6: 13:06:58.610533 64.x.x.x.4500 > 10.245.254.2.29565: udp 72
7: 13:06:58.613402 10.245.254.2.29565 > 64.x.x.x.4500: udp 320
8: 13:06:58.662731 64.x.x.x.4500 > 10.245.254.2.29565: udp 184
9: 13:06:58.664089 10.245.254.2.29565 > 64.x.x.x.4500: udp 64
10: 13:06:58.714165 64.x.x.x.4500 > 10.245.254.2.29565: udp 88
11: 13:06:58.716820 10.245.254.2.29565 > 64.x.x.x.4500: udp 148
12: 13:06:59.717278 10.245.254.2.29565 > 64.x.x.x.4500: udp 148
13: 13:07:01.717309 10.245.254.2.29565 > 64.x.x.x.4500: udp 148
14: 13:07:01.781514 64.x.x.x.4500 > 10.245.254.2.29565: udp 156
15: 13:07:01.782430 10.245.254.2.29565 > 64.x.x.x.4500: udp 60
16: 13:07:01.782537 10.245.254.2.29565 > 64.x.x.x.4500: udp 108
17: 13:07:01.834261 64.x.x.x.4500 > 10.245.254.2.29565: udp 52
18: 13:07:09.509189 64.x.x.x.4500 > 10.245.254.2.29565: udp 68
19: 13:07:09.510059 10.245.254.2.29565 > 64.x.x.x.4500: udp 92
20: 13:07:09.517154 10.245.254.2.29565 > 64.x.x.x.4500: udp 100
21: 13:07:09.572968 64.x.x.x.4500 > 10.245.254.2.29565: udp 52
22: 13:07:09.579987 64.x.x.x.4500 > 10.245.254.2.29565: udp 108
23: 13:07:09.580200 64.x.x.x.4500 > 10.245.254.2.29565: udp 100
24: 13:07:09.581039 10.245.254.2.29565 > 64.x.x.x.4500: udp 60
25: 13:07:09.626188 64.x.x.x.4500 > 10.245.254.2.29565: udp 108
26: 13:07:09.627149 10.245.254.2.29565 > 64.x.x.x.4500: udp 60
27: 13:07:09.688334 64.x.x.x.4500 > 10.245.254.2.29565: udp 108
28: 13:07:09.689325 10.245.254.2.29565 > 64.x.x.x.4500: udp 108
29: 13:07:09.689402 10.245.254.2.29565 > 64.x.x.x.4500: udp 68
30: 13:07:09.689432 10.245.254.2.29565 > 64.x.x.x.4500: udp 76
31: 13:07:09.689524 10.245.254.2.29565 > 64.x.x.x.4500: udp 76
32: 13:07:09.733329 64.x.x.x.4500 > 10.245.254.2.29565: udp 84
33: 13:07:09.735221 10.245.254.2.29565 > 64.x.x.x.4500: udp 108
34: 13:07:09.782735 64.x.x.x.4500 > 10.245.254.2.29565: udp 100
35: 13:07:09.783040 64.x.x.x.4500 > 10.245.254.2.29565: udp 60
36: 13:07:09.784200 10.245.254.2.29565 > 64.x.x.x.4500: udp 60
37: 13:07:09.839251 64.x.x.x.4500 > 10.245.254.2.29565: udp 60
38: 13:07:09.840013 10.245.254.2.29565 > 64.x.x.x.4500: udp 60
39: 13:07:09.840105 10.245.254.2.29565 > 64.x.x.x.4500: udp 84
40: 13:07:09.844759 64.x.x.x.4500 > 10.245.254.2.29565: udp 60
41: 13:07:09.844988 64.x.x.x.4500 > 10.245.254.2.29565: udp 60
42: 13:07:09.845445 10.245.254.2.29565 > 64.x.x.x.4500: udp 60
43: 13:07:09.845552 10.245.254.2.29565 > 64.x.x.x.4500: udp 60
44: 13:07:09.878082 64.x.x.x.4500 > 10.245.254.2.29565: udp 60
45: 13:07:09.883010 64.x.x.x.4500 > 10.245.254.2.29565: udp 60
46: 13:07:09.883987 10.245.254.2.29565 > 64.x.x.x.4500: udp 76
47: 13:07:09.950619 64.x.x.x.4500 > 10.245.254.2.29565: udp 76
48: 13:07:09.951778 10.245.254.2.29565 > 64.x.x.x.4500: udp 76
49: 13:07:09.995615 64.x.x.x.4500 > 10.245.254.2.29565: udp 76
50: 13:07:10.041745 10.245.254.2.29565 > 64.x.x.x.4500: udp 188
51: 13:07:13.042463 10.245.254.2.29565 > 64.x.x.x.4500: udp 188
52: 13:07:14.593536 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
53: 13:07:14.593719 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
54: 13:07:14.593887 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
55: 13:07:14.954311 10.245.254.2.29565 > 64.x.x.x.4500: udp 116
56: 13:07:15.343198 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
57: 13:07:15.343274 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
58: 13:07:15.343289 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
59: 13:07:15.704477 10.245.254.2.29565 > 64.x.x.x.4500: udp 116
60: 13:07:15.715447 10.245.254.2.29565 > 64.x.x.x.4500: udp 116
61: 13:07:16.093409 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
62: 13:07:16.093638 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
63: 13:07:16.093653 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
64: 13:07:16.454078 10.245.254.2.29565 > 64.x.x.x.4500: udp 116
65: 13:07:16.465033 10.245.254.2.29565 > 64.x.x.x.4500: udp 116
66: 13:07:16.843263 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
67: 13:07:16.843416 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
68: 13:07:16.843446 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
69: 13:07:16.893249 10.245.254.2.29565 > 64.x.x.x.4500: udp 108
70: 13:07:17.215381 10.245.254.2.29565 > 64.x.x.x.4500: udp 116
71: 13:07:17.537905 10.245.254.2.29565 > 64.x.x.x.4500: udp 116
72: 13:07:17.593505 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
73: 13:07:18.266755 10.245.254.2.29565 > 64.x.x.x.4500: udp 116
74: 13:07:18.287201 10.245.254.2.29565 > 64.x.x.x.4500: udp 116
75: 13:07:18.343335 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
76: 13:07:19.016371 10.245.254.2.29565 > 64.x.x.x.4500: udp 116
77: 13:07:19.037443 10.245.254.2.29565 > 64.x.x.x.4500: udp 116
78: 13:07:19.093333 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
79: 13:07:19.612303 10.245.254.2.29565 > 64.x.x.x.4500: udp 1
80: 13:07:19.766241 10.245.254.2.29565 > 64.x.x.x.4500: udp 116
81: 13:07:19.805408 10.245.254.2.29565 > 64.x.x.x.4500: udp 68
82: 13:07:19.891784 64.x.x.x.4500 > 10.245.254.2.29565: udp 68
83: 13:07:19.893218 10.245.254.2.29565 > 64.x.x.x.4500: udp 108
84: 13:07:19.917280 10.245.254.2.29565 > 64.x.x.x.4500: udp 76
85: 13:07:19.965861 64.x.x.x.4500 > 10.245.254.2.29565: udp 52
86: 13:07:19.966441 10.245.254.2.29565 > 64.x.x.x.4500: udp 76
87: 13:07:20.014617 64.x.x.x.4500 > 10.245.254.2.29565: udp 52
88: 13:07:20.017622 10.245.254.2.29565 > 64.x.x.x.4500: udp 128
89: 13:07:20.017912 10.245.254.2.29565 > 64.x.x.x.4500: udp 144
90: 13:07:20.058560 64.x.x.x.4500 > 10.245.254.2.29565: udp 96
91: 13:07:20.059857 64.x.x.x.4500 > 10.245.254.2.29565: udp 112
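Added example (not part of the original thread): a small Python parser for the `sh cap` output posted above that pairs the inside and outside captures to show how PAT rewrites the client's source ports, and measures the longest run of client frames that got no reply. The function names are illustrative, and the embedded frames are an excerpt of the capture in this thread.

```python
import re
from collections import namedtuple

Packet = namedtuple("Packet", "ts src sport dst dport length")
LINE = re.compile(r"\s*\d+:\s+(\d+):(\d+):(\d+\.\d+)\s+(\S+)\.(\d+)\s+>\s+"
                  r"(\S+)\.(\d+):\s+udp\s+(\d+)")

# Frames 3-6, 50-52 and 82 copied from the "Sh in" / "Sh out" output above.
CAP_IN = """\
3: 13:06:58.458472 10.245.2.56.500 > 64.x.x.x.500: udp 260
4: 13:06:58.557008 64.x.x.x.500 > 10.245.2.56.500: udp 232
5: 13:06:58.560945 10.245.2.56.4500 > 64.x.x.x.4500: udp 72
6: 13:06:58.610564 64.x.x.x.4500 > 10.245.2.56.4500: udp 72
50: 13:07:10.041745 10.245.2.56.4500 > 64.x.x.x.4500: udp 188
51: 13:07:13.042447 10.245.2.56.4500 > 64.x.x.x.4500: udp 188
52: 13:07:14.593520 10.245.2.56.4500 > 64.x.x.x.4500: udp 140
82: 13:07:19.891814 64.x.x.x.4500 > 10.245.2.56.4500: udp 68
"""
CAP_OUT = """\
3: 13:06:58.458487 10.245.254.2.160 > 64.x.x.x.500: udp 260
4: 13:06:58.556993 64.x.x.x.500 > 10.245.254.2.160: udp 232
5: 13:06:58.561128 10.245.254.2.29565 > 64.x.x.x.4500: udp 72
6: 13:06:58.610533 64.x.x.x.4500 > 10.245.254.2.29565: udp 72
50: 13:07:10.041745 10.245.254.2.29565 > 64.x.x.x.4500: udp 188
51: 13:07:13.042463 10.245.254.2.29565 > 64.x.x.x.4500: udp 188
52: 13:07:14.593536 10.245.254.2.29565 > 64.x.x.x.4500: udp 140
82: 13:07:19.891784 64.x.x.x.4500 > 10.245.254.2.29565: udp 68
"""

def parse_capture(text):
    """Parse 'show capture' lines; the last dotted field of each endpoint is the port."""
    packets = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip headers and anything that is not a UDP frame
        h, mi, s, src, sport, dst, dport, length = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        packets.append(Packet(ts, src, int(sport), dst, int(dport), int(length)))
    return packets

def pat_port_map(cap_in, cap_out, client, asa_outside):
    """Pair client frames (inside) with translated frames (outside), in order."""
    ins = [p for p in cap_in if p.src == client]
    outs = [p for p in cap_out if p.src == asa_outside]
    mapping = {}
    for i, o in zip(ins, outs):
        if (i.length, i.dport) == (o.length, o.dport):
            mapping[i.sport] = o.sport  # inside source port -> port after PAT
    return mapping

def longest_unanswered(packets, client):
    """Return (count, seconds) of the longest run of client frames with no reply."""
    best, run = (0, 0.0), []
    for p in packets:
        run = run + [p] if p.src == client else []
        if len(run) > best[0]:
            best = (len(run), run[-1].ts - run[0].ts)
    return best

if __name__ == "__main__":
    inside, outside = parse_capture(CAP_IN), parse_capture(CAP_OUT)
    print("PAT rewrites:", pat_port_map(inside, outside, "10.245.2.56", "10.245.254.2"))
    print("Longest unanswered run:", longest_unanswered(inside, "10.245.2.56"))
```

On these frames the IKE source port 500 leaves the ASA as 160 and the NAT-T port 4500 as 29565. L2TP's UDP 1701 is carried inside the ESP-in-UDP 4500 payload, so it does not appear as a port in either capture.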
09-17-2010 01:32 PM
Great but did you run the capture when/after trying the L2TP connection?
The reason I ask is because I don't see UDP port 1701 in the list.
Federico.
09-17-2010 01:46 PM
I ran the 4 commands, then tried to connect to the VPN, waited for it to completely time out, then did sh cap in and sh cap out.
09-17-2010 01:15 PM
Oh never mind, typed it in wrong:
09-17-2010 01:17 PM
Did you change 64.x.x.x for the actual address?
Federico.
09-17-2010 03:26 PM
Ok, the problem might be with PAT then.
Please do the following test to make sure:
static (inside,outside) 10.245.254.x 10.245.2.56
And try the connection again from PC 10.245.2.56
The idea is to create a one-to-one static NAT for the PC and try the L2TP connection.
The 10.245.254.x should be an unused IP belonging to network 10.245.254.0/24
Federico.
09-20-2010 05:54 AM
No luck. I am going to try and take out the router in between the cable modem and just test without it.
09-21-2010 01:32 PM
Wound up being the Linksys that was in front of it all. Appreciate all your help!