Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
368
Views
0
Helpful
2
Replies

vpn client problem

born.jason
Level 1
Level 1

‎11-24-2010 03:00 AM

hi,

i have a little ipsec vpn client problem.

If i connect from my home network to the company network the monitoring shows a connection with "IKE IPsecOverNatT" and i`m able to connect to the servers and so on.

But if i connect from a notebook with a mobile internet connection the monitoring shows a connection with "IKE IPsec" and i`m not able to connect to any service inside the vpn. Is this a ASA problem or is this a mobile internet connection (provider) problem

Thanks

Jason

Labels:
0 Helpful
2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

‎11-24-2010 03:06 AM

Sounds like the provider problem if you can connect from your home network, that means it's not an ASA configuration issue as NAT-T has been enabled.

From your home network, it correctly encapsulates the ESP packet into NAT-T packet (normally UDP/4500).

From your mobile internet connection, it seems like they are not PATing the traffic hence the ASA does not detect a NAT device in between, hence using the ESP protocol, which seems to be blocked by the mobile internet provider if you can't access anything on the ASA inside network (this is assuming that your VPN stats are showing that traffic is getting encrypted) and on the ASA stats (show cry ipsec sa), there are no decrypt packets.

0 Helpful

born.jason
Level 1
Level 1
In response to Jennifer Halim

‎11-24-2010 03:16 AM

Thanks Jen. I`ll contact the provider.

0 Helpful
Customers Also Viewed These Support Documents