10-31-2017 05:32 AM - edited 02-21-2020 06:36 AM
Hello guys!
I'm trying to create a new VPN, but it is not coming up.
First, I have a route-map on my core switch that redirects traffic to the internet firewall when the source and destination are related to the VPN.
On the firewall I can see two different logs:
Phase: 10
Type: VPN
Subtype: encrypt
Result: DROP
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xb00b8f50, priority=70, domain=encrypt, deny=false
hits=538, user_data=0x0, cs_id=0xb416f040, reverse, flags=0x0, protocol=0
src ip=SITEL-CIELO-TRAINNING, mask=255.255.255.0, port=0
dst ip=10.82.10.87, mask=255.255.255.255, port=0, dscp=0x0
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside-lp
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
And
IKE Peer: 201.x.x.x
Type : user Role : initiator
Rekey : no State : MM_WAIT_MSG2
I saw in some documentation that this message, "MM_WAIT_MSG2", means that I'm not receiving an answer from the other side. But they said that they can't receive any traffic from my side.
Does anyone know what can be done?
Thanks
10-31-2017 09:50 AM
Actually, this message means that your peer sent encr/hash/dh as the initiator and is waiting for a response. If the other end did not receive this message, your end stays in this status.
Do you have basic connectivity? I mean, can you ping the remote peer?
-If I helped you somehow, please, rate it as useful.-
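Added example, not part of the original posts and not vendor code: a small Python parser for an IKE SA listing in the layout quoted in the first post, reporting which Main Mode message each unfinished SA is still waiting for. The sample listing and its addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the IKE SA listing quoted in the thread.
# 192.0.2.10 and 198.51.100.7 are documentation addresses, not values from the page.
SAMPLE = """\
1   IKE Peer: 192.0.2.10
    Type    : user            Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2
2   IKE Peer: 198.51.100.7
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
"""

def parse_sas(text):
    """Return one dict per 'IKE Peer' entry (keys: peer, Type, Role, Rekey, State)."""
    sas = []
    for line in text.splitlines():
        peer = re.search(r"IKE Peer:\s*(\S+)", line)
        if peer:
            sas.append({"peer": peer.group(1)})
        elif sas:
            sas[-1].update(re.findall(r"(Type|Role|Rekey|State)\s*:\s*(\S+)", line))
    return sas

def diagnose(sa):
    """Say which Main Mode message the local side is still waiting for."""
    state = sa.get("State", "")
    if state == "MM_ACTIVE":
        return "phase 1 established"
    m = re.fullmatch(r"MM_WAIT_MSG([2-6])", state)
    if not m:
        return "state not covered by this example"
    n = int(m.group(1))
    # Main Mode: the initiator sends messages 1, 3, 5; the responder sends 2, 4, 6.
    waiting_side = "initiator" if n % 2 == 0 else "responder"
    text = f"sent message {n - 1}, no message {n} received from {sa['peer']}"
    if sa.get("Role") != waiting_side:
        text += " (role does not match state, re-check the capture)"
    if n == 2:
        text += "; verify UDP/500 both ways and that the peer has a tunnel defined for this address"
    return text

def stuck(text):
    """(peer, diagnosis) for every SA that has not reached MM_ACTIVE."""
    return [(sa["peer"], diagnose(sa)) for sa in parse_sas(text) if sa.get("State") != "MM_ACTIVE"]

if __name__ == "__main__":
    for peer, why in stuck(SAMPLE):
        print(peer, "->", why)
```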
10-31-2017 09:55 AM
Hello Flavio,
Thanks for your support.
Yes, from my firewall I can ping the remote site.
10-31-2017 10:16 AM
In this situation, four-hands troubleshooting is necessary. As per the logs, packets look to be stopping somewhere. Both ends need to validate their sides and make sure packets get to the destination.
A Phase 1 problem is basically a network problem.
-If I helped you somehow, please, rate it as useful.-