We've been struggling to get 3 SA520W's to make an IPSec Site-to-Site tunnel. After searching the web, we finally found a post about the Racoon firewall and this issue suggesting turning off Perfect Forward Secrecy. After turning off PFS on the SA and the ASAsetups, we've got all the tunnels to come up. However, we can't get any traffic to pass between the two networks. We're still learning the SA's. We're still learning the SA units. How can we see the traffic coming through the tunnel? When we go to View Logs, nothing shows up on the SA but I'm not sure how to enable logging for that traffic. Ultimately, we'd like to be able to control the traffic through the VPN tunnel in the firewall settings so we can restrict certain protocols and source/destinations. If I could do that, then I'd know where to enable logging to see that traffic but the firewall doesn't seem to identify the VPN networks as a source or destination. What's the best steps to track down why the traffic isn't passing through the IPSec tunnels we have established? Thanks, John
... View more
I believe there's a typo on page 14 that can prevent users from receiving onbound calls. I was able to make calls via an Asterisk PBX just fine but inbound calls wouldn't ring on the SPA525G. Digging in I saw that I had not set "Use Auth ID" to 'yes' and I hadn't set the "Auth ID". On page 14, section 2, b, it has the extension password of '151secret' for the 'Auth ID:' but it should be the actual extension # '151' rather than the extension password. Again, the 'Auth ID' should be your SIP extension # rather than the extension password.
... View more