We had a successful connection between a remote-access Cisco client and the ASA. The connection can no longer transfer data, but Phase I and Phase II do complete successfully. There are several hops between separate networks to get from the remote user to the ASA, including Verizon private lines and Verizon ISP.
Cisco troubleshooting guides strongly suggest this is a NAT-T issue, but when I turn on debug isakmp 254 and debug ipsec 254, I receive only one modest message about NAT-T, which is "Received NAT-Traversal version 02 VID". This message, and connections, are when I have NAT-T disabled on the ASA.
If I enable NAT-T on the ASA, the remote client cannot establish Phase I or II; I haven't been able to collect debugs on that scenario yet.
The client has a second laptop; both of them exhibit the same problem. We have ensured that Tunneling, UDP 4500 is enabled.
I suspect an intermediate device, or Verizon, has changed something.
What should be my next troubleshooting steps (sadly, I cannot post the configs)?