Re: ASA 5580 site to site VPN with Netgear established but no tr

carmenvirginiagonzalez · ‎03-25-2011

I have set up a site to site VPN from a Cisco ASA 5580 to a Netgear FVS318v3 using 3DES, MD5, GH 2 and preshared key

My VPN Tunnel is always up, I can see on the netgear and firewall ASA that the connection VPN is established at both phase 1 and phase 2 level, but no traffic is flowing through the tunnel sometimes. The only way I can see the traffic passing, it is reload the tunnel on the firewall netgear.

the configurations on the firewalls are same.

I can see the requests of the ASA Red_Lan to server located at the remote site, behind the Netgear Firewall and observe traffic on the ASA but on the outside/inside interfaces of the firewall Netgear there are not traffic.

My cuestion is: Is necessary to configure and others parameters for VPN? or What is the recommendation for this solution?

Jennifer Halim · ‎03-25-2011

If ASA is sending the encrypted packet but Netgear never process it, it might be good to start with Netgear and investigate further on the Netgear device.

Are you seeing any logs in Netgear that might give you a clue?

You might want to disable any VPN keepalive on the ASA as well as Netgear for this particular tunnel as keepalive between 3rd party vendor more often breaks the tunnel than keeping the tunnel UP.

ASA 5580 site to site VPN with Netgear established but no traffic passing