11-14-2013 11:54 AM - edited 02-21-2020 07:19 PM
Hi
I'm working with a 3rd party trying to establish a VPN. They are using a 2801 router which can do security and VPN. I terminate the VPNs on a Cisco ASA 5520.
We have got to a point where, when they run an automated test, the tunnel comes up and I can see ICMP packets coming in and returning through the inside interface using a capture, but when they try and connect to anything, nothing is showing in the capture.
The capture is set for full IP.
The ACL inbound is set for full IP.
If I initiate traffic from the inside I can see it leave the inside interface in the capture but don't get a reply.
The third party are using SDM and don't know how to troubleshoot the connection.
It seems to me there is no data coming through the tunnel.
Does anyone have any ideas how I can see if any traffic is coming through from them?
thanks
11-14-2013 12:24 PM
If you see it leave the inside interface but do not see it enter it again, then this looks to be a routing issue between the ASA and the network the remote side is trying to reach.
Make sure that traffic for the remote destination is routed correctly towards the ASA.
Please rate any helpful posts.
11-14-2013 02:01 PM
With that info I would also expect that the NAT-config is wrong. The SDM produces a pure mess of NAT-config when trying to do NAT-exemption.
Ask the other side for the config and control if NAT is correct.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni