
ASA 5520 to SRP527W

Daniel Chapman
Level 1

Hi Everybody,

Well I have a ripper of a problem that I have spent too many hours not fixing.

Cisco ASA 5520 with 8.4(5) installed and it is sitting behind a NAT firewall at the ISP.

I have several SRP527W routers connected via the DSL port that cannot create an IPSec VPN to the ASA.

So what have I tested?

I have a Cisco 1841 that can connect to the ASA without any problem.

I have a Cisco SRP527W that can connect to the 1841 with a VPN with exactly the same VPN configuration that is configured for the link to the ASA.

So I have another ASA 5520 that is not natted at another ISP and it works with the SRP527W.

Problem is that we are migrating all the VPNs over to the new ISP as the original non-natted ISP is being decommissioned.

In my debugging on the ASA I see that the ASA detects that NAT-T is enabled and has detected that it is behind a NAT but the other end is not.

No Debugging on the SRP527W.

Any hints or points to start working on would be much appreciated.

FYI I am using 3DES-SHA on both Phase 1 & 2.

Thanks in Advance

Daniel Chapman

1 Reply

Michael Muenz
Level 5

First of all, you should really reconsider the decommissioning of the non-natted ISP! That's not best practice!

Can you turn on debugging on the console for isakmp and ipsec and initiate the tunnel?

Check with packet-capture for outgoing packets on port 4500, 500 and ESP to the SRP.

What about provider router? Have you tried to restart it? Exact model?

Michael

Please rate all helpful posts