I have been troubleshooting a VPN connection between an ASA and 1841. I have had trouble connecting, I get ping and tracert to/from. I can see the 1841 send to the ASA, I see the ASA send to the 1841 but I don't see the 1841 receive the ASA, hence the breakdown.
I am wondering could IOS version play a role? If so, I am currently running the following on an 1841:
Image Name c1841-advsecurityk9-mz.124-10a.bin IOS Version 12.4(10a)
What I would do is to check that packets are being sent and received.
ASA it's easy - get a packet capture of IKE, ESP and UDP 4500 to and frop the router.
On router apply an ingress access-list on interface facing outside (if not done already)
First three entries on the acl should be.
permit udp h ASA_IP_ADDRESS eq 500 any
permit esp h ASA_IP_ADDRESS any
perm udp h ASA_IP_ADDRESS eq 4500 any
(if no ACL in place already remember to add "permit ip any any" at the end).
Now If you will see hits on either esp or udp 4500 entries it mean that an upgrade can help. If you don't see them arriving - you check the ASA to see if packets are leaving and if they are not malformed.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...