10-04-2018 05:00 AM
Hi All
We are currently in the process of migrating a number of S2S VPNs from ASA to Firepower. All have been successful, other than one.
The issue with the one that isn't working is the following:
- Tunnel forms for both phase 1 and phase 2.
- Traffic traverses the VPN successfully.
- Remote location has ping connectivity over the VPN.
- Incoming traffic is unable to come in via the VPN on other ports, e.g. 3389 (RDP). I have no visibility of this traffic either.
I am having trouble diagnosing the problem as I don't have a visual live log. I have carried out packet captures; however, I see nothing. In the FMC event viewer I see the ICMP traffic being permitted through, but nothing else regarding the failed traffic.
I applied an ACL permitting all traffic from the remote end, so my ACL is allowing everything, and I have set the ACL to trust, which will bypass our IPS to ensure that isn't blocking any incoming traffic.
Any thoughts or ideas would be appreciated.
Kind Regards
James
10-04-2018 05:05 AM
If you are seeing ICMP traffic from the other end but nothing on port 3389, I would start looking at the other end.
10-04-2018 05:13 AM
Thanks Dennis, but the remote end's setup hasn't changed.
We have simply lifted our ASA out of the equation and replaced it with Firepower. The VPN worked correctly when the ASA was in place, and the remote end configuration hasn't changed.