Still struggling with the EZVPN setup.
This is instantaneous setup at the moment.
LAN ---- inside-(192.168.44.1) ASA outside-(DHCP private IP) ---- (private IP)-ISP Router-(public IP)
The ISP blocks UDP/500 and UDP/4500, so there is no way to set up a site-2-site VPN via IPsec.
So we tried to set up the ASA5505 as an EZVPN client and configured it to use TCP over IPsec, but without success. I think the problem is the private IP on our outside interface. Has someone faced the same problem?
You don't show your config, so it's not possible to see if something goes wrong there.
If the config is ok, use the capture command on the HQ-ASA to see if the EZVPN-packets reach the HQ.
Got the configuration...
LAN ---- inside-(192.168.44.1) ASA outside-(10.103.14.217) ---- (10.6.0.6)-ISP Router-(220.127.116.11)
I updated the IP address and attached the following log files:
1. tmasb_log_file --> log file from the HQ
2. tmasb_ipsec -> is the packet capture from HQ
I found this msg in the log file:
715065|||||Group = TMASB_TEST2, IP = 18.104.22.168, IKE AM Responder FSM error history (struct &0xb40cbb00) <state>, <event>: AM_DONE, EV_ERROR-->AM_WAIT_MSG3, EV_PROB_AUTH_FAIL-->AM_WAIT_MSG3, EV_TIMEOUT-->AM_WAIT_MSG3, NullEvent-->AM_SND_MSG2, EV_CHECK_SPOOF-->AM_SND_MSG2, EV_CRYPTO_ACTIVE-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR
This assumes that the preshared key is wrong, but I double-checked this with my colleague and this could not be the issue.
I think the problem is before the ASA, on the ISP modem.
Maybe someone has an idea?
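
Added example (not part of the thread and not Cisco code): a small parser that turns the 715065 "FSM error history" line quoted above into an ordered timeline, so it is easier to see in which state the responder gave up. The function names are hypothetical, and it assumes the ASA prints the history newest-first.

```python
import re

# The 715065 message exactly as quoted in the thread.
SAMPLE = (
    "715065|||||Group = TMASB_TEST2, IP = 18.104.22.168, IKE AM Responder FSM "
    "error history (struct &0xb40cbb00) <state>, <event>: AM_DONE, EV_ERROR-->"
    "AM_WAIT_MSG3, EV_PROB_AUTH_FAIL-->AM_WAIT_MSG3, EV_TIMEOUT-->"
    "AM_WAIT_MSG3, NullEvent-->AM_SND_MSG2, EV_CHECK_SPOOF-->"
    "AM_SND_MSG2, EV_CRYPTO_ACTIVE-->AM_SND_MSG2, EV_SND_MSG-->"
    "AM_SND_MSG2, EV_START_TMR"
)

HEADER = re.compile(
    r"Group = (?P<group>[^,]+), IP = (?P<ip>[^,]+), "
    r"IKE (?P<mode>\w+) (?P<role>\w+) FSM error history"
)
MARKER = "<state>, <event>:"


def parse_fsm_history(line):
    """Return (header fields, [(state, event), ...]) in chronological order."""
    head = HEADER.search(line)
    if head is None or MARKER not in line:
        raise ValueError("not an IKE FSM error history line")
    steps = []
    for chunk in line.split(MARKER, 1)[1].split("-->"):
        state, sep, event = chunk.strip().partition(",")
        if not sep:
            raise ValueError(f"malformed step: {chunk!r}")
        steps.append((state.strip(), event.strip()))
    steps.reverse()  # assumption: the log lists the newest transition first
    return head.groupdict(), steps


def summarize(line):
    """Locate the first *FAIL* event and whether a timeout came just before it."""
    info, steps = parse_fsm_history(line)
    idx = next((i for i, (_, e) in enumerate(steps) if "FAIL" in e), None)
    state = steps[idx][0] if idx is not None else None
    # Reading of the state names (assumption): EV_TIMEOUT in the same state just
    # before the failure means the peer's next message was never processed.
    timed_out = idx is not None and idx > 0 and steps[idx - 1] == (state, "EV_TIMEOUT")
    return {**info, "steps": steps, "failed_in": state, "timeout_before_failure": timed_out}


if __name__ == "__main__":
    result = summarize(SAMPLE)
    for state, event in result["steps"]:
        print(f"{state:14} {event}")
    print("failed in:", result["failed_in"], "| timeout first:", result["timeout_before_failure"])
```

Reading the timeline next to the packet capture from the HQ ASA shows whether the message the responder was waiting for in that state ever arrived.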