How to route traffic on IPSEC VPN Tunnel

rsatjharman (Level 1)

Hi,

We have a VPN tunnel that has been created between a Cisco ASA 5506 and a Huawei security device. The tunnel is up and running, but I cannot seem to communicate from the inside LAN to the remote inside LAN, i.e. from 192.168.1.10 to an external IP address. Would appreciate some assistance in getting this completed.

6 Replies

Look at the output of "show vpn-sessiondb detail l2l". Do you see outbound packets?

If no: Do you route the remote office network to the ASA? Is the right NAT (exemption) in place?

If yes but you don't see inbound packets: troubleshoot on the other side.
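The three items in the reply above (route, NAT exemption, crypto ACL) plus the checks for them, written out as an added example ASA configuration. This is not from the thread or from the poster's device; it uses the host addresses, peer address, object names and crypto ACL name that appear in the poster's later output, while the crypto map name "outside_map", sequence number 7, the transform-set name and the inside/outside interface names are assumptions.

```cisco
! Added example (not the poster's configuration). Names marked ASSUMED are not on the page.
! 1. Objects for the local and remote hosts (object names as in the poster's ACL output).
object network WEB_Server
 host 192.168.1.10
object network TPNG
 host 124.240.212.126

! 2. NAT exemption (identity NAT) so traffic to the remote host is not translated
!    before the crypto map is consulted. It must be ordered before any general
!    PAT rule; if a PAT rule already sits first, insert this one at position 1:
!    nat (inside,outside) 1 source static WEB_Server WEB_Server destination static TPNG TPNG no-proxy-arp route-lookup
nat (inside,outside) source static WEB_Server WEB_Server destination static TPNG TPNG no-proxy-arp route-lookup

! 3. Crypto ACL. "permit ip" matches every IP protocol, so TCP/55019 is already
!    covered by this line; no separate tcp entry is needed for it to be encrypted.
access-list outside_cryptomap_7 extended permit ip object WEB_Server object TPNG

! 4. Crypto map entry (map name, sequence number and transform-set name ASSUMED).
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 7 match address outside_cryptomap_7
crypto map outside_map 7 set peer 124.240.212.118
crypto map outside_map 7 set ikev1 transform-set ESP-AES256-SHA
crypto map outside_map interface outside

! 5. Checks. Simulate the failing TCP flow and the working ICMP flow; in both outputs
!    the NAT phase should show the identity (exemption) rule being matched and a
!    VPN phase with subtype encrypt should show ALLOW. If the TCP trace instead
!    matches the PAT rule, the exemption is missing or ordered too late.
packet-tracer input inside tcp 192.168.1.10 40000 124.240.212.126 55019 detailed
packet-tracer input inside icmp 192.168.1.10 8 0 124.240.212.126 detailed

! 6. Per-SA counters for this peer: take the output before and after the TCP test
!    and compare "#pkts encaps" / "#pkts decaps" rather than the session totals.
show crypto ipsec sa peer 124.240.212.118
```

The packet-tracer comparison is the quickest way to tell a routing or NAT problem (no VPN phase at all) from a problem on the far side (VPN encrypt ALLOW and encaps counters rising, but no decaps).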

Hi Karsten, a little more detailed information as follows: I can ping from 192.168.1.10 to the Public IP through the VPN. Now I cannot send a TCP packet from 192.168.1.10 to port 55019 at the Public IP address, and I cannot send a TCP packet from port 55019 at the Public IP address to 192.168.1.10.

Hi Karsten, response as follows -

Encryption : AES256 Hashing : SHA1
Encapsulation: Tunnel
Rekey Int (T): 3600 Seconds Rekey Left(T): 974 Seconds
Idle Time Out: 0 Minutes Idle TO Left : 0 Minutes
Bytes Tx : 2820 Bytes Rx : 2820
Pkts Tx : 47 Pkts Rx : 47

I can ping the remote address from the Central Office; however, I cannot send a TCP packet. I can see that the TCP packet leaves the ASA but it does not return. I have attached screenshots of the results of the packet tracer.

Hi Karsten,

Please note that it seems that at the moment only IP traffic is going through the VPN, if I look at the attached screenshot and the ACE below:

access-list outside_cryptomap_7 line 1 extended permit ip object WEB_Server object TPNG (hitcnt=23) 0x4fb6efec
access-list outside_cryptomap_7 line 1 extended permit ip host 192.168.1.10 host 124.240.212.126 (hitcnt=23) 0x4fb6efec

I need to add TCP from 192.168.1.10/any to 124.240.212.126/55019; at the moment only the ping is reaching the remote host, all other traffic is denied.

Result of the command: "show vpn-sessiondb l2l"

Session Type: LAN-to-LAN

Connection : 124.240.212.118
Index : 279 IP Addr : 124.240.212.118
Protocol : IKEv1 IPsec
Encryption : IKEv1: (1)AES256 IPsec: (1)AES256
Hashing : IKEv1: (1)SHA1 IPsec: (1)SHA1
Bytes Tx : 1692 Bytes Rx : 948
Login Time : 19:20:54 NZDT Mon Nov 6 2017
Duration : 1d 15h:21m:06s

Hi Karsten,

It seems that telnet to the remote location is not being routed to the VPN, since the Bytes Tx : 2172 Bytes Rx : 1428 does not increase after sending this command; however, this does change when we run ping to the remote site.

Result of the command: "show vpn-sessiondb l2l"

Session Type: LAN-to-LAN

Connection : 124.240.212.118
Index : 279 IP Addr : 124.240.212.118
Protocol : IKEv1 IPsec
Encryption : IKEv1: (1)AES256 IPsec: (1)AES256
Hashing : IKEv1: (1)SHA1 IPsec: (1)SHA1
Bytes Tx : 2172 Bytes Rx : 1428
Login Time : 19:20:54 NZDT Mon Nov 6 2017
Duration : 1d 15h:34m:00s