So i'm almost positive that its on the Windows side that keeping this from working. The above are the result of trying to ping either side(from both sides), but if I run a tracert from the windows side I start to see packets coming across (below). the tunnel shows as up, on both side, and traffic is being sent from the ASA to the Windows server, but not really coming back from the Windows server. Then on the Windows server, it shows the tunnel up as well. Here is my Windows Tunnel: netsh advfirewall consec add rule name="T2HQTUNNEL" enable=yes mode=tunnel localtunnelendpoint=198.xxx.xxx.xxx remotetunnelendpoint=75.xxx.xxx.xxx endpoint1=10.180.20.0/24 endpoint2=192.168.1.0/24 action=requireinrequireout auth1=computerpsk auth1psk="************" qmsecmethods=esp:sha1-3des qmpfs=dhgroup1 exemptipsecprotectedconnections=yes What am I missing on the Windows side?
... View more
Hello all, long time follower first time poster here. I have 2 issues really, but both related: 1: I have an ASA 5505 with a tunnel to the public interface of a Windows Server 2008 R2 box in the cloud using the built in advanced connetion rules. I can get this tunnel to come up by pinging an inside subnet ip from either side. The tunnel will stay up for a while then dissconnect with the error: Sesson discconected, reason user requested. So how do I get this tunnel to stay alive? and I have a feeling the answer will depend on the next problem: 2: and probably more importantly - I'm unable to ping hosts on either side of the tunnel once the tunnel is up. If I use the packet tracer on the ASA it shows that packets to the cloud servers inside subnet get dropped with the error (Deny IP spoof from 192.168.1.1 to 10.180.20.97 on inside), which doesn't seem right to me as the traffic should be treated as inside traffic destine for the VPN tunnel. However if I ping the Windows box from a host behind the ASA, the tunnel comes up, Deny IP spoof isn't seen in the logs, and pings are unsuccesful. And of course I cannot ping the ASA from the windows box either. Any help would greatly appreciated! Thanks! -SyFry
... View more