Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1841
Views
5
Helpful
6
Replies

ASA 5510. VPN Tunnel. UDP traffic.

Go to solution
n.avramenko87
Level 1
Level 1

‎09-18-2019 05:51 AM - edited ‎02-21-2020 09:30 AM

Hello! Friends! I need your advice. I do not have ideas. May be you can help me.
So a have two offices (office 1 and office 2), for it connecting i used cisco asa 5510 and VPN between it. (site2site)
office 1 - 192.168.101.0/24 office 2 - 192.168.104.0/24
Computer from 192.168.101.0 (192.168.101.12) can see device in 192.168.104.0 (192.168.104.2). All good.It reverse direction - too. All good.
But if I switch on special encryption program om this divices (it use UDP 55777). This diveces do not see each other. They must work used only this udp port.

So what i did. Provider does not close this port. I capture trafic on both sides - a see that udp traffic 55777 goes to VPN tunnel (come out of the VPN or not-I do not know how to look)
Access lists - all traffic allow.
If ip working normal, why i have problems with udp? May be ASA blocked it? I do not know.

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-18-2019 06:42 AM - edited ‎09-18-2019 06:43 AM

If i understand correctly in the VPN tunnel, your UDP Traffic dropping ?if this correct

 

look at the below : guide allow require UDP ports 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/inspect.html#wp1522169

 

if this is not the case, can you provide the logs from ASA ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-18-2019 06:42 AM - edited ‎09-18-2019 06:43 AM

If i understand correctly in the VPN tunnel, your UDP Traffic dropping ?if this correct

 

look at the below : guide allow require UDP ports 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/inspect.html#wp1522169

 

if this is not the case, can you provide the logs from ASA ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
n.avramenko87
Level 1
Level 1

‎09-18-2019 07:58 AM

Thank you for your time!!! I have read. What i have:

ASA office 1 :

UDP OUTSIDE  192.168.104.2:55777 BIO  192.168.101.12:55777, idle 0:00:09, bytes 6145, flags -

ASA office 2:

UDP OUTSIDE  192.168.101.12:55777 BIO  192.168.104.2:55777, idle 0:00:22, bytes 6065, flags -
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to n.avramenko87

‎09-18-2019 02:40 PM

Since we do not have full logs, i can only suggest at moment to Create a Rule to allow that port and check.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
n.avramenko87
Level 1
Level 1
In response to balaji.bandi

‎09-18-2019 10:37 PM

Thank you! What logs i need to show you?

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to n.avramenko87

‎09-19-2019 12:45 AM

we need to complete transaction log of communication why this was failed to connect each other.

 

and post the config if possible before and after/

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
n.avramenko87
Level 1
Level 1
In response to balaji.bandi

‎09-25-2019 06:19 AM

Hello! Thank you for your help! Your link on cisco giude - helped me! Thank you!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card