Interpreting sh crypto ipsec sa command in ASA5505
Trying to verify that there is no restricted traffic traveling through the VPN tunnel, i.e. that the VPN tunnel acts like a trusted network and all ports and protocols are passed and not blocked.
After entering "sh crypto ipsec sa" command, there are a couple of lines that I wanted to confirm with someone here who might know.
local ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0) remote ident (addr/mask/prot/port): (10.4.1.0/255.255.255.0/0/0)
local ident (addr/mask/prot/port): (10.4.5.0/255.255.255.0/0/0) remote ident (addr/mask/prot/port): (10.1.5.0/255.255.255.0/0/0)
Do these lines from the sh crypto ipsec sa show that the traffic going through the tunnel is unrestricted? In particular, the zeros for the protocol and ports that are in bold? Do they represent ANY protocol, ANY port?
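The ident lines show the proxy identity taken from the crypto ACL: protocol 0 and port 0 mean any IP protocol and any port. The following script is an added example, not from this thread: it parses a constructed copy of the four ident lines above, labels each selector, and checks whether a given source/destination pair falls inside one of the local-to-remote selectors (helper names are my own).

```python
import ipaddress
import re

# Constructed sample reproducing the four ident lines quoted in the question
# (the rest of the "show crypto ipsec sa" output is omitted).
SAMPLE_OUTPUT = """\
local ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.4.1.0/255.255.255.0/0/0)
local ident (addr/mask/prot/port): (10.4.5.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.1.5.0/255.255.255.0/0/0)
"""

IDENT_RE = re.compile(
    r"(local|remote) ident \(addr/mask/prot/port\): "
    r"\(([\d.]+)/([\d.]+)/(\d+)/(\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # common IP protocol numbers

def parse_idents(text):
    """Return [(local, remote), ...]; each side is {'net', 'prot', 'port'}."""
    pairs, local = [], None
    for m in IDENT_RE.finditer(text):
        side, addr, mask, prot, port = m.groups()
        sel = {"net": ipaddress.ip_network(f"{addr}/{mask}", strict=False),
               "prot": int(prot), "port": int(port)}
        if side == "local":
            local = sel
        elif local is not None:          # pair the remote with the preceding local
            pairs.append((local, sel))
            local = None
    return pairs

def is_unrestricted(sel):
    """prot 0 / port 0 in the proxy identity means any IP protocol, any port."""
    return sel["prot"] == 0 and sel["port"] == 0

def describe(sel):
    proto = "any" if sel["prot"] == 0 else PROTO_NAMES.get(sel["prot"], str(sel["prot"]))
    port = "any" if sel["port"] == 0 else str(sel["port"])
    return f"{sel['net']} proto={proto} port={port}"

def covering_pair(pairs, src, dst):
    """Index of the first local->remote selector pair that carries src->dst, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (local, remote) in enumerate(pairs):
        if src in local["net"] and dst in remote["net"]:
            return i
    return None
```

A selector that is unrestricted only says what the crypto map will encrypt between the two networks; interface ACLs and NAT still decide what is actually permitted, so a covered pair that cannot pass TCP points at those rather than at the SA.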
Re: Interpreting sh crypto ipsec sa command in ASA5505
I have checked my ACLs repeatedly. The reason I'm asking this question is that I have one site-to-site VPN tunnel up and running. The original networks that are associated with this tunnel are 10.1.1.0 (class C) to 10.4.1.0 (class C). This works just fine; all traffic is passed no matter the protocol or port. But I added another set of networks to the tunnel (same site-to-site tunnel), 10.1.5.0 (class C) to 10.4.5.0 (class C). When I check connectivity between these networks (10.1.5.0 to 10.4.5.0) I can ping across the tunnel back and forth. But I can't get past pinging between the added networks. It seems I can't have any TCP sessions. I tried RDP from one PC to another, telnetting to Cisco devices, etc. No go. The only thing I can do between this 2nd pair of networks is ping. Do you know if this is even possible between two ASA5505s with the basic license running version 7.24? Anything you might know to help me resolve this issue would be most appreciated. My running configs are attached along with the sh crypto ipsec sa output.