I set up a regular IPsec VPN connection into my work.
The problem is once I am connected, I can't get to anything on our network. I look at the session on the ASA and no bytes are transmitted or received.
I am sure this is something small...any ideas?
You mean no bytes at show crypto ipsec sa?
If yes, then enable NAT traversal and sysopt permit connection ipsec.
Oh wait... it is enabled. I'm sorry, I had a brain freeze for a minute... but I don't see SYSOPT permit connection ipsec.
Try to add this:
crypto isakmp ipsec-over-tcp port 10000
group-policy himgvpn attributes
crypto isakmp nat-traversal
I will do. Can you tell me what this does?
Sorry, I am still learning this stuff. It seems really complicated at times :)
I am getting bytes received on the ASA, but none transmitted... I think we are getting close!
crypto isakmp ipsec-over-tcp port 10000 (IPsec over TCP, Cisco proprietary; uses TCP port 10000 by default)
ipsec-udp enable (IPsec over UDP, Cisco proprietary; forces the other side, if it supports it, to do IPsec over UDP; uses UDP port 10000 by default)
crypto isakmp nat-traversal (NAT-T, RFC standard; takes precedence over "ipsec-udp enable". If both peers support NAT-T and NAT was detected in ISAKMP phase MM3/MM4, they will use IPsec over UDP with port 4500)
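Added example, not part of the thread and not Cisco tooling: a small Python check that reads an ASA configuration, reports which of the three encapsulation options above are enabled, lists the ports the path to the ASA has to pass for them, and applies the NAT-T over ipsec-udp precedence described in the last reply. The sample config is constructed from the commands quoted in the thread; the function names are hypothetical and the ports are the defaults stated above.

```python
import re

# Constructed sample: the commands quoted in the thread, laid out as they
# would appear in a config (ipsec-udp sits under the group-policy).
SAMPLE_CONFIG = """\
crypto isakmp ipsec-over-tcp port 10000
group-policy himgvpn attributes
 ipsec-udp enable
crypto isakmp nat-traversal
"""

def enabled_transports(config):
    """Find which of the three encapsulation options a config enables."""
    found = {"tcp_port": None, "nat_t": False, "ipsec_udp_policies": []}
    policy = None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):
            policy = None  # an unindented line leaves group-policy sub-mode
        tcp = re.fullmatch(r"crypto isakmp ipsec-over-tcp(?: port (\d+))?", line)
        grp = re.fullmatch(r"group-policy (\S+) attributes", line)
        if tcp:
            found["tcp_port"] = int(tcp.group(1) or 10000)
        elif re.fullmatch(r"crypto isakmp nat-traversal(?: \d+)?", line):
            found["nat_t"] = True  # optional number is the keepalive interval
        elif grp:
            policy = grp.group(1)
        elif line == "ipsec-udp enable" and policy:
            found["ipsec_udp_policies"].append(policy)
    return found

def ports_to_permit(found):
    """Ports the path to the ASA must pass for the enabled options (defaults)."""
    ports = set()
    if found["tcp_port"]:
        ports.add(("tcp", found["tcp_port"]))
    if found["nat_t"]:
        ports.add(("udp", 4500))
    if found["ipsec_udp_policies"]:
        ports.add(("udp", 10000))
    return ports

def udp_encapsulation(found, policy, nat_detected, peer_supports_nat_t):
    """NAT-T wins over ipsec-udp when both peers support it and NAT was seen."""
    if found["nat_t"] and peer_supports_nat_t and nat_detected:
        return ("udp", 4500)
    if policy in found["ipsec_udp_policies"]:
        return ("udp", 10000)
    return None  # neither UDP option applies to this session
```

Comparing the output of ports_to_permit with what the firewalls between client and ASA actually allow in both directions shows whether the negotiated encapsulation can pass.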