I have site to site tunnel between Cisco 3000 VPN concentrator and PIX506. I will be moving it to new ASA5510, so the tunnel will be established between ASA and PIX. After initial testing, I found that one box on remote network (time clock lol) is dropping connectivity while tunneling between Pix and ASA (works fine with concentrator). Is all of the traffic allowed thru the VPN tunnel built on ASA? I understand that it should be as long as the tunnel is up and running, correct? (note: the remote clock is using TCP ports 8888 and 8889 to communicate with server)
Yes, this is the only issue I had encountered while testing. The server connects to the clock over the tunnel to collect transactions. It works thru old tunnel, fails with new one... even though I am able to ping/traceroute it thru new tunnel (tunnel stays up and running).
Sorry for the confusion. It never worked through new tunnel (I mean server cannot communicate with the clock (over TCP port 8888 and 8889), even though tunnel is up and running and all other nodes communicate ok i.e. mail, telnet, web). Everything works through old tunnel (3000 concentrator and PIX), so I wanted to make sure that ports 8888 and 8889 are not being blocked when traffic goes thru VPN tunnel between ASA and PIX.
There's no filter applied. I checked it via ASDM. I'm not using DfltGrpPolicy though. I had created new policy for this tunnel... should I configure it to use L2TP/IPSEC only? or both IPSec and L2TP/IPSec? What will happen if "inherit" option is checked for Tunneling Protocols (ASDM 6.2)?
I can also ping/traceroute all remote devices thru new tunnel.
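The checks an ASA administrator would run to confirm whether tcp/8888-8889 are being filtered somewhere on the ASA side of the tunnel. This is an added example, not configuration from the thread; the addresses, ACL name and peer address are placeholders.

```cisco
! Added example, not from the thread. Placeholder values:
!   10.10.10.50   = server on the ASA inside network
!   192.168.50.20 = time clock on the PIX side
!   203.0.113.2   = PIX outside (peer) address
!   VPN_TO_PIX    = crypto ACL name on the ASA
!
! 1. Does the crypto ("interesting traffic") ACL cover both hosts for ALL IP?
!    Anything not matched by this ACL is never encrypted; it leaves the
!    outside interface as ordinary traffic and is dropped upstream.
show run access-list | include VPN_TO_PIX
!   expected: access-list VPN_TO_PIX extended permit ip 10.10.10.0 255.255.255.0 192.168.50.0 255.255.255.0
!   an ACL that only lists icmp or a few tcp ports would explain "ping works, 8888 fails"
!
! 2. Is decrypted tunnel traffic exempt from the interface ACLs?
show run sysopt
!   "sysopt connection permit-vpn"    -> interface ACLs are bypassed for VPN traffic
!   "no sysopt connection permit-vpn" -> the outside ACL must permit tcp/8888-8889 from the clock subnet
!
! 3. Is a vpn-filter attached to the group-policy or tunnel-group used by this peer?
show run tunnel-group 203.0.113.2
show run group-policy
!   any "vpn-filter value <acl>" line here restricts traffic inside the tunnel
!   even when no filter is shown in ASDM for the default policy
!
! 4. Walk a tcp/8888 packet through the ASA exactly as it would be processed:
packet-tracer input inside tcp 10.10.10.50 40000 192.168.50.20 8888 detailed
!   each phase prints ALLOW or DROP; a DROP in the ACCESS-LIST, NAT or VPN
!   phase names the rule responsible, and the last line gives the drop reason
!
! 5. Confirm the encaps/decaps counters for this peer actually move while
!    the server retries the clock:
show crypto ipsec sa peer 203.0.113.2 | include pkts
```

Run the same packet-tracer a second time from the outside interface with source and destination swapped to check the return direction, since a one-way ACL or NAT rule lets ICMP through while blocking the TCP handshake.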
We have configured the outside and inside interface with official IPv6 addresses, set a default route on the outside interface to our router, and we also have defined a rule, which also gets hits, to permit tcp from inside interface to any6.
In Syslog I also se...