still struggling with the EZVPN setup. This is instantaneous setup at the moment.
LAN ---- inside-(192.168.44.1)ASAoutside-(DHCP private IP) ---- (private IP)-ISP Router-(public IP)
The ISP blocks UDP/500 and UDP/4500 so there is no way to setup a site-2-site VPN via IPsec. So we tried to setup the ASA5505 as EZVPN client and configured to use TCP over IPsec. But without success. I think the problem is the private IP on our outside interface. Has someone face the same problem?
LAN ---- inside-(192.168.44.1)ASAoutside-(10.103.14.217) ---- (10.6.0.6)-ISP Router-(18.104.22.168)
I update the IP address and attached the following log files 1. tmasb_log_file --> log file from the HQ 2. tmasb_ipsec -> is the packet capture from HQ
I found this msg in the log file:
715065|||||Group = TMASB_TEST2, IP = 22.214.171.124, IKE AM Responder FSM error history (struct &0xb40cbb00) <state>, <event>: AM_DONE, EV_ERROR-->AM_WAIT_MSG3, EV_PROB_AUTH_FAIL-->AM_WAIT_MSG3, EV_TIMEOUT-->AM_WAIT_MSG3, NullEvent-->AM_SND_MSG2, EV_CHECK_SPOOF-->AM_SND_MSG2, EV_CRYPTO_ACTIVE-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR
This assume that the preshared key is wrong but I double check this with my colleague and this could not be the issue. I thinks the problem is before the ASA on the ISP modem. Maybe someone had an idea?
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...