09-14-2012 03:19 AM - edited 02-21-2020 06:20 PM
Hi Guys,
I am trying to estabish a site to site ipsec tunnel . I have requesed the ISP to permit ip protocl between site Aand site B.
I would like to know if ISP open Ip protocol will it pass all the protocol requried for ipsec tunnel and do I need to ask them to open specifical the below protocols
50 - Encapsulation Header (ESP)
51 - Authentication Header (AH)
500/udp - Internet Key Exchange (IKE)
4500/udp - NAT traversal
Thanks in advance
Solved! Go to Solution.
09-14-2012 10:15 AM
Please extend your crypto-definition to include the internal networks instead of only the ASA-inside ip and test it from an internal PC.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
09-14-2012 11:17 AM
Thank Karsten, I wil test this and let u know .
But with the current configuration can i estabish a tunnel between ASA inside ips
ASA 1 # ping inside (ASA2 inside ip ) will this work ?
09-16-2012 12:22 AM
Thanks guys for all your inputs.
Thanks karsten.iwen. The tunnel is up and working fine, with ISP just permitting "ip" protocol.
I had internal routing problem
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide