Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1844
Views
5
Helpful
6
Replies

ASA 5510. VPN Tunnel. UDP traffic.

Go to solution
n.avramenko87
Level 1
Level 1

‎09-18-2019 05:51 AM - edited ‎02-21-2020 09:30 AM

Hello! Friends! I need your advice. I do not have ideas. May be you can help me.
So a have two offices (office 1 and office 2), for it connecting i used cisco asa 5510 and VPN between it. (site2site)
office 1 - 192.168.101.0/24 office 2 - 192.168.104.0/24
Computer from 192.168.101.0 (192.168.101.12) can see device in 192.168.104.0 (192.168.104.2). All good.It reverse direction - too. All good.
But if I switch on special encryption program om this divices (it use UDP 55777). This diveces do not see each other. They must work used only this udp port.

So what i did. Provider does not close this port. I capture trafic on both sides - a see that udp traffic 55777 goes to VPN tunnel (come out of the VPN or not-I do not know how to look)
Access lists - all traffic allow.
If ip working normal, why i have problems with udp? May be ASA blocked it? I do not know.

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-18-2019 06:42 AM - edited ‎09-18-2019 06:43 AM

If i understand correctly in the VPN tunnel, your UDP Traffic dropping ?if this correct

 

look at the below : guide allow require UDP ports 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/inspect.html#wp1522169

 

if this is not the case, can you provide the logs from ASA ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-18-2019 06:42 AM - edited ‎09-18-2019 06:43 AM

If i understand correctly in the VPN tunnel, your UDP Traffic dropping ?if this correct

 

look at the below : guide allow require UDP ports 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/inspect.html#wp1522169

 

if this is not the case, can you provide the logs from ASA ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
n.avramenko87
Level 1
Level 1

‎09-18-2019 07:58 AM

Thank you for your time!!! I have read. What i have:

ASA office 1 :

UDP OUTSIDE  192.168.104.2:55777 BIO  192.168.101.12:55777, idle 0:00:09, bytes 6145, flags -

ASA office 2:

UDP OUTSIDE  192.168.101.12:55777 BIO  192.168.104.2:55777, idle 0:00:22, bytes 6065, flags -
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to n.avramenko87

‎09-18-2019 02:40 PM

Since we do not have full logs, i can only suggest at moment to Create a Rule to allow that port and check.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
n.avramenko87
Level 1
Level 1
In response to balaji.bandi

‎09-18-2019 10:37 PM

Thank you! What logs i need to show you?

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to n.avramenko87

‎09-19-2019 12:45 AM

we need to complete transaction log of communication why this was failed to connect each other.

 

and post the config if possible before and after/

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
n.avramenko87
Level 1
Level 1
In response to balaji.bandi

‎09-25-2019 06:19 AM

Hello! Thank you for your help! Your link on cisco giude - helped me! Thank you!

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card