Strange error: can authenticate but no data is being tx? Need help
03-08-2003 04:49 PM - edited 03-09-2019 02:25 AM
OK, I am at the SANS conference here in San Diego. I am on a NATed network and behind their firewall. I have a Cisco 3015 back at the office. I can authenticate to it but I cannot transfer data back and forth. At home, I NAT and can connect with no problem. I asked if they had port ESP open and they said yes, all necessary ports are open. Am I doing something wrong? I am at a loss here because I cannot figure out what could be the problem. Logs look normal except rx/tx are 0.
Thanks for any input!
Jenn
- Labels: Other Security Topics
03-09-2003 12:21 PM
Do you know if you are really doing NAT or if they are maybe doing PAT (i.e., many inside hosts share one external host)? If they are doing PAT, I think the only way to get connected to the VPN 3000 box is to use TCP encapsulation.
03-09-2003 01:42 PM
I will have to check on that, but I am using IPSec over UDP (as well as not). That should resolve the "PAT" issue, correct?
03-09-2003 03:56 PM
Hi Jenn,
You are right, IPSec over UDP should resolve the PAT issue. You need to make sure that the firewall at the client end does not block the UDP port which you are using for encapsulating the ESP packet (the default being UDP 10000, which is configured at the group level on the concentrator).
Regards
Ranjana
