Problem to reach VPN LAN to LAN (encapsulation error)

Dear all,

 

We are a company located in Tunisia and we are trying to create a LAN-to-LAN VPN with our customer in Germany, but we cannot reach the VPN. We are sure that the configuration is correctly done on both sides, but we still have a problem with encapsulation and decapsulation.

We are using a Cisco ASA 5505 firewall.

Please find below the log files:
access-list outside_cryptomap extended permit icmp object NAT-TO-VPN object 162.132.0.0
access-list outside_cryptomap extended permit ip object NAT-TO-VPN object 162.132.0.0
!
object network NAT-TO-VPN
 host 194.120.99.83
!
object network 162.132.0.0
 subnet 162.132.0.0 255.255.0.0
!

FW-cynopsys(config)# sh nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source dynamic 10.1.4.0 NAT-TO-VPN   destination static 162.132.0.0 162.132.0.0
    translate_hits = 394, untranslate_hits = 394
2 (inside) to (outside) source dynamic 10.1.4.0 interface
    translate_hits = 1960974, untranslate_hits = 140789
FW-cynopsys(config)#

FW-cynopsys(config)# sh cry isa sa

IKEv1 SAs:

   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer: 194.120.84.116
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE

FW-cynopsys(config)# sh cry ips sa
interface: outside
    Crypto map tag: outside_map, seq num: 1, local addr: 41.225.3.132

      access-list outside_cryptomap extended permit icmp host 194.120.99.83 162.132.0.0 255.255.0.0
      local ident (addr/mask/prot): (194.120.99.83/255.255.255.255/1)
      remote ident (addr/mask/prot): (162.132.0.0/255.255.0.0/1)
      current_peer: 194.120.84.116

      #pkts encaps: 2, #pkts encrypt: 2, #pkts digest: 2
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 2, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #TFC rcvd: 0, #TFC sent: 0
      #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 41.225.3.132/0, remote crypto endpt.: 194.120.84.116/0
      path mtu 1500, ipsec overhead 74(44), media mtu 1500
      PMTU time remaining (sec): 0, DF policy: copy-df
      ICMP error validation: disabled, TFC packets: disabled
      current outbound spi: A6DA56C8
      current inbound spi : 964813EE

    inbound esp sas:
      spi: 0x964813EE (2521306094)
         transform: esp-aes-256 esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, IKEv1, }
         slot: 0, conn_id: 57344, crypto-map: outside_map
         sa timing: remaining key lifetime (kB/sec): (4374000/3585)
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001
    outbound esp sas:
      spi: 0xA6DA56C8 (2799326920)
         transform: esp-aes-256 esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, IKEv1, }
         slot: 0, conn_id: 57344, crypto-map: outside_map
         sa timing: remaining key lifetime (kB/sec): (4373999/3582)
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001
!
Global IKEv1 Statistics
  Active Tunnels:              1
  Previous Tunnels:            8
  In Octets:              134564
  In Packets:               1397
  In Drop Packets:            33
  In Notifys:               1326
  In P2 Exchanges:             0
  In P2 Exchange Invalids:     0
  In P2 Exchange Rejects:      0
  In P2 Sa Delete Requests:    0
  Out Octets:             139608
  Out Packets:              1432
  Out Drop Packets:            0
  Out Notifys:              2687
  Out P2 Exchanges:           14
  Out P2 Exchange Invalids:    0
  Out P2 Exchange Rejects:     0
  Out P2 Sa Delete Requests:  13
  Initiator Tunnels:           8
  Initiator Fails:             0
  Responder Fails:             0
  System Capacity Fails:       0
  Auth Fails:                  0
  Decrypt Fails:               0
  Hash Valid Fails:            0
  No Sa Fails:                33

!
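
The `sh cry ips sa` output in the post shows 2 packets encapsulated and 0 decapsulated on the SA. The following Python script is an added example, not part of the original post: it parses that output format and flags SAs that carry traffic in only one direction. The sample text is an excerpt constructed from the output above, and the function names are hypothetical.

```python
import re

# Constructed sample: excerpt of the `show crypto ipsec sa` output quoted in the post.
SAMPLE = """\
interface: outside
    Crypto map tag: outside_map, seq num: 1, local addr: 41.225.3.132
      local ident (addr/mask/prot): (194.120.99.83/255.255.255.255/1)
      remote ident (addr/mask/prot): (162.132.0.0/255.255.0.0/1)
      current_peer: 194.120.84.116
      #pkts encaps: 2, #pkts encrypt: 2, #pkts digest: 2
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

# One regex per field we want from each SA block.
FIELDS = {
    "local_ident": re.compile(r"local ident \(addr/mask/prot\): \((\S+)\)"),
    "remote_ident": re.compile(r"remote ident \(addr/mask/prot\): \((\S+)\)"),
    "peer": re.compile(r"current_peer: (\S+)"),
    "encaps": re.compile(r"#pkts encaps: (\d+)"),
    "decaps": re.compile(r"#pkts decaps: (\d+)"),
}

def parse_ipsec_sas(text):
    """Return one dict per SA; assumes each SA block starts at its 'local ident' line."""
    sas, current = [], None
    for line in text.splitlines():
        if "local ident" in line:
            current = {}
            sas.append(current)
        if current is None:
            continue  # header lines before the first SA block
        for name, rx in FIELDS.items():
            m = rx.search(line)
            if m:
                value = m.group(1)
                current[name] = int(value) if value.isdigit() else value
    return sas

def classify(sa):
    """Label an SA by which directions have moved packets."""
    enc, dec = sa.get("encaps", 0), sa.get("decaps", 0)
    if enc and not dec:
        return "one-way: encrypting, nothing decrypted"
    if dec and not enc:
        return "one-way: decrypting, nothing encrypted"
    if not enc and not dec:
        return "idle"
    return "bidirectional"
```

Run `classify()` over each record from `parse_ipsec_sas()` on a saved copy of the command output to list the selector pairs that see no return traffic.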

 
