
ASA 5505 + EZVPN Client

MaDe
Level 1

Hi Guys,

still struggling with the EZVPN setup.
This is instantaneous setup at the moment.

LAN ---- inside-(192.168.44.1) ASA outside-(DHCP private IP) ---- (private IP)-ISP Router-(public IP)

The ISP blocks UDP/500 and UDP/4500, so there is no way to set up a site-2-site VPN via IPsec.
So we tried to set up the ASA5505 as EZVPN client and configured it to use TCP over IPsec. But without success. I think the problem is the private IP on our outside interface. Has someone faced the same problem?

Thanks Markus

 


You don't show your config, so it's not possible to see if something goes wrong there.

If the config is ok, use the capture command on the HQ-ASA to see if the EZVPN-packets reach the HQ.

Good day Karsten,

next maintenance is scheduled on 2014/11/18. I'll post the necessary information after the maintenance.

Brgds,
Markus

Good all,

got the configuration...

LAN ---- inside-(192.168.44.1) ASA outside-(10.103.14.217) ---- (10.6.0.6)-ISP Router-(217.174.237.139)

I updated the IP address and attached the following log files:
1. tmasb_log_file --> log file from the HQ
2. tmasb_ipsec -> is the packet capture from HQ

I found this msg in the log file:

715065|||||Group = TMASB_TEST2, IP = 217.174.237.139, IKE AM Responder FSM error history (struct &0xb40cbb00) <state>, <event>: AM_DONE, EV_ERROR-->AM_WAIT_MSG3, EV_PROB_AUTH_FAIL-->AM_WAIT_MSG3, EV_TIMEOUT-->AM_WAIT_MSG3, NullEvent-->AM_SND_MSG2, EV_CHECK_SPOOF-->AM_SND_MSG2, EV_CRYPTO_ACTIVE-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR

This assumes that the preshared key is wrong, but I double-checked this with my colleague and this could not be the issue.
I think the problem is before the ASA on the ISP modem.
Maybe someone has an idea?

Thanks,
Markus
