Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1203
Views
0
Helpful
3
Replies

IPsec tunnel (AUTOMATIC NAT DETECTION STATUS) (Acl doesnot match proxy ids

kashif.ahmad837
Level 1
Level 1

‎11-22-2016 07:54 AM - edited ‎02-21-2020 09:03 PM

Hi all,

Can any body explain to me, that whether this problem is because of NAT mismatch, or ACL mismatch.

the snapshot is attached.

thanks,

Labels:
Preview file
123 KB
0 Helpful
3 Replies 3

JP Miranda Z
Cisco Employee
Cisco Employee

‎11-22-2016 08:14 PM

Hi kashif.ahmad837,

The first message you see about an automatic NAT detection is the NAT-T check, thats why you can see the remote end device is behind nat and yours is not.

This is definitely an ACL mismatch, i will recommend you to check both ends interesting traffic and make sure they are exactly mirrored.

Hope this info helps!!

Rate if helps you!! 

-JP-

0 Helpful

kashif.ahmad837
Level 1
Level 1
In response to JP Miranda Z

‎11-23-2016 12:18 PM

Hi Miranda,

this is a dynamic site to site vpn, and all the other devices are connecting fine. and I compared the vpn configuration on those remote devices, they are exactly the same. but this one device would not keep its vpn up. it successfully complete the phase 2 but the session is disconnected immediately after. and the process start over and over.

0 Helpful

JP Miranda Z
Cisco Employee
Cisco Employee
In response to kashif.ahmad837

‎11-23-2016 12:34 PM

Hi kashif.ahmad837,

You can setup logging on the ASA to see the reason of the disconnection, without a reason or debugs then the tunnel is going down and also without checking the config will be kind of hard to point something out.

Hope this info helps!!

Rate if helps you!! 

-JP-

0 Helpful
Customers Also Viewed These Support Documents