Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
791
Views
0
Helpful
3
Replies

How to troubleshoot this VPN issue?

Group IT
Level 1
Level 1

‎02-14-2020 07:30 AM

Hi all,

 

We have a C887VAG-4G-GA-K9 router we're trying to configure as a VPN spoke (ASA 5515 at the hub).

It uses cellular for its internet access.

 

It took us a good while, but, with thanks to this forum, we got basic internet access working on the router with our two test SIMs (BT and three.co.uk).

 

The problem we have now, is that the VPN starts up fine, connects to the ASA, and with the BT SIM installed, all is good. We can ping from the ASA side LAN to the remote (spoke) network and vice versa. But, when we switch to the three.co.uk SIM nothing seems to go across the VPN.

 

Any of the tests done with the BT SIM (which were successful), fail with the three.co.uk SIM.

 

The ASA sees no traffic pinging inbound from the spoke/router LAN. If we try to ping something on the hub network, from the spoke router, the pings fail.

 

We're not sure how to work out where the problem is.

 

The three.co.uk SIM works fine in a phone. It's a business data SIM, activated, unlocked etc. As mentioned, it works fine without the VPN.

We've Googled around, and people have reported success with various types and combinations of VPN and routers with three.co.uk.

 

How can we start to troubleshoot this?

 

Thank you!

Labels:
0 Helpful
3 Replies 3

network_guy
Level 1
Level 1

‎02-14-2020 10:44 AM

What type of VPN are you using? IPSEC, SSL, etc. It's been a while since I've stood up a VPN but I remember having some issues over some cellular providers in EUROPE blocking protocol 50 ESP. 

0 Helpful

Georg Pauwen
VIP
VIP

‎02-14-2020 12:30 PM

Hello,

 

post the configurations of the ASA and the router...

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Georg Pauwen

‎02-15-2020 09:29 AM

I agree that seeing the configurations would be a good first step. Here are a couple other things:

- when you are using the three.co.uk SIM do you have good connectivity to the Internet?

- what results do you get for a traceroute from your router to the ASA? If the ASA does not respond to the traceroute do you at least see a response from the device that is outside connecting to your ASA?

- debug crypto isakmp would be a good way to begin troubleshooting this issue. 

 

 

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card