Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
5390
Views
0
Helpful
17
Replies

Permit Ipsec protocol in ISP

Go to solution
cisconell
Level 1
Level 1

ā€Ž09-14-2012 03:19 AM - edited ā€Ž02-21-2020 06:20 PM

Hi Guys,

I am trying to estabish a site to site ipsec tunnel . I have requesed the ISP to permit ip protocl between site Aand site  B.

I would like to know if ISP open Ip protocol will it pass all the protocol requried for ipsec tunnel and do I need to ask them to open specifical the below protocols

50 - Encapsulation Header (ESP)

51 - Authentication Header (AH)

500/udp - Internet Key Exchange (IKE)

4500/udp - NAT traversal

Thanks in advance

Labels:
0 Helpful
17 Replies 17

Go to solution
Karsten Iwen
VIP
VIP
In response to cisconell

ā€Ž09-14-2012 10:15 AM

Please extend your crypto-definition to include the internal networks instead of only the ASA-inside ip and test it from an internal PC.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
cisconell
Level 1
Level 1
In response to Karsten Iwen

ā€Ž09-14-2012 11:17 AM

Thank Karsten, I wil test this and let u know .

But with the current configuration can i estabish a tunnel between ASA inside ips

  ASA 1 # ping inside (ASA2 inside ip ) will this work ?

0 Helpful

Go to solution
cisconell
Level 1
Level 1
In response to cisconell

ā€Ž09-16-2012 12:22 AM

Thanks guys for all your inputs.

Thanks karsten.iwen. The tunnel is up and working fine, with ISP just permitting "ip" protocol.

I had internal routing problem

0 Helpful
Customers Also Viewed These Support Documents