I am trying to have a new VPN profile on an ASA 5520 at one of my remote sites authenticate to an RSA server in our main data center. The sites are connected via MPLS. I have set my SDI interface to the MPLS interface, verified the settings in RSA, and verified all the SDI settings. My issue is every time I try and do the Auth test with a legit user I receive:
ERROR: Authenication Server not responding: No Error
I next began checking NATs and routes, and verified all was in place. I set up a packet capture on my remote office ASA on the MPLS interface, and on the main DS MPLS and inside (where the RSA server resides) interface. Below is the capture:
So the network is ruled out as I am seeing all the packets at each interface. When I run a packet tracer from the remote office ASA I get the packet dropped due to a configured ACL rule (the default deny). However, I have a permit IP any any on the MPLS interface, and if the packet were actually getting dropped, then the packets would not show up in the packet capture.
Any ideas? I am banging my head against a wall here.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...