Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
928
Views
0
Helpful
2
Replies

Site to Site UDP Packet Drop

Go to solution
andrews_steven
Level 1
Level 1

‎12-09-2018 02:38 PM - edited ‎12-09-2018 02:40 PM

Hey all,

 

I am going through the process of cutting over from a pfsense firewall to an ASA. I have done some test cutovers outside of hours and have fixed a number of configuration issues however I am stuck on one.

 

I cannot seem to get the Site to Site VPNs to establish a connection. The other endpoints are Draytek routers. 

 

The error message I am getting it (IPs modified):

"%ASA-7-710005: UDP request discarded from 1.1.1.1/33524 to WAN:2.2.2.2/500"

 

Sanitized config is attached.

 

Any assistance would be great, I am starting to pull my hair out over this one!

 

Thank you,

Steven

 

 

 

 

Labels:
Preview file
37 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
andrews_steven
Level 1
Level 1

‎12-09-2018 07:42 PM

May have found the issue on this. Whilst troubleshooting some issues I disabled ikev1&2 on WAN '=(, which would explain why the ASA was not replying.

 

I have added the following and will test tomorrow morning.

 

crypto ikev2 enable WAN
crypto ikev1 enable WAN

I am hoping this issue was just a silly oversight by me whilst looking over other issues. I will report back tomorrow and advise.

 

Thank you,

Steven

View solution in original post

0 Helpful

Go to solution
andrews_steven
Level 1
Level 1
In response to andrews_steven

‎12-10-2018 01:34 PM

Ok, so was able to get some more useful logs this morning. There were a couple of IKE mismatches, but once I fixed this up I was good to go.

 

So initial issue was just me overlooking a basic setting.

 

Thank you,

Steven

View solution in original post

0 Helpful
2 Replies 2

Go to solution
andrews_steven
Level 1
Level 1

‎12-09-2018 07:42 PM

May have found the issue on this. Whilst troubleshooting some issues I disabled ikev1&2 on WAN '=(, which would explain why the ASA was not replying.

 

I have added the following and will test tomorrow morning.

 

crypto ikev2 enable WAN
crypto ikev1 enable WAN

I am hoping this issue was just a silly oversight by me whilst looking over other issues. I will report back tomorrow and advise.

 

Thank you,

Steven

0 Helpful

Go to solution
andrews_steven
Level 1
Level 1
In response to andrews_steven

‎12-10-2018 01:34 PM

Ok, so was able to get some more useful logs this morning. There were a couple of IKE mismatches, but once I fixed this up I was good to go.

 

So initial issue was just me overlooking a basic setting.

 

Thank you,

Steven

0 Helpful
Customers Also Viewed These Support Documents