11-19-2021 08:14 AM
Hi, I recently created a routed STS VPN against Azure. The tunnel comes up, but the traffic is being dropped when the communication starts on the ASA side.
ASP captures for traffic that should go through the tunnel show the following message:
Drop-reason: (np-socket-closed) Dropped pending packets in a closed socket
Packet tracer shows that the traffic should go out without problems.
Wondering if I'm missing something.
11-23-2021 02:48 PM
I was not able to find the root of the problem, but we did manage to get the routed VPN working.
We used the BGP IP of the Azure configuration as the next hop in the tunnel for its own subnet:
route Azure_tunnel 10.0.9.0 255.255.255.0 10.0.9.14
In our case the inside network of Azure was NATed and used the next hop that was configured before for all other subnets in Azure, with an IP from APIPA (I think this IP doesn't really matter):
route Azure_tunnel 172.31.5.16 255.255.255.240 169.254.225.2 - We had the tunnel set up with 169.254.225.1/30; to my understanding this IP doesn't really matter.
It seems all we actually needed was to add the Azure network 10.0.9.0, where the IP for BGP lived.
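As an added example, not the poster's configuration, here is the VTI and routing context the fix above sits in, with the missing route shown beside the working route set. The tunnel interface number, outside interface name, peer address and IPsec profile name are assumptions; the addresses are the ones from the thread, and the IKEv2 policy and crypto profile definitions are omitted.

```text
! Added example; interface number, outside interface, peer IP and
! profile name are assumed, addresses are from the thread.
interface Tunnel1
 nameif Azure_tunnel
 ip address 169.254.225.1 255.255.255.252
 tunnel source interface outside
 ! placeholder for the Azure VPN gateway public IP
 tunnel destination 203.0.113.10
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile AZURE-PROFILE
!
! Before: only the NATed Azure subnet is routed into the tunnel,
! using the peer's APIPA address as next hop
route Azure_tunnel 172.31.5.16 255.255.255.240 169.254.225.2
!
! After: the Azure VNet subnet holding the BGP peer (10.0.9.14)
! is also routed into the tunnel, with that peer as next hop
route Azure_tunnel 10.0.9.0 255.255.255.0 10.0.9.14
route Azure_tunnel 172.31.5.16 255.255.255.240 169.254.225.2
!
! Verification: confirm the egress interface the ASA selects
! for a tunnel-bound flow (source host and ports are made up)
show route Azure_tunnel
packet-tracer input inside tcp 192.168.1.10 1234 10.0.9.20 443
```

If the packet-tracer output still ends in a drop, compare its route-lookup phase with the asp-drop capture rather than trusting the allow verdict alone.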
11-20-2021 01:06 PM
We had the same issue. Unfortunately we were unable to find a solution and ended up using regular s2s crypto maps instead. We did not report this to Cisco due to the time constraint we had for getting this to work, but I am assuming it is a bug.
11-20-2021 03:48 PM
Thanks for that response! I'll try to see if the client can open a case with Cisco before the next session to see if they can help.
In any case, policy based worked without a problem? The provider told us they had an issue with another client using an ASA, and they had issues with policy based too.