Solved: Site-2-Site VPN issue

Mohammed Faiz Mohiuddin · ‎10-10-2011

Dear Netpro Gurus,

Does an upstream router with IOS 15 have a role in not allowing s2s vpn

traffic from an ASA 5520 to pass through. If that is the case then how to fix it.

Regards

Faiz

Jennifer Halim · ‎10-10-2011

Nothing needs to be done for pass through VPN traffic as far as licensing is concern on IOS 15.0.

If you are actually terminating the IPSec VPN tunnel on the IOS 15.0 router, then yes, you would need to have the K9 Security license, but for pass through traffic, there is no extra license required.

View solution in original post

Jennifer Halim · ‎10-10-2011

It really depends on what configuration you have on the IOS 15 router.

Any CBAC, or ZBFW, or NAT, or access-list that might be blocking the traffic S2S VPN traffic?

You might want to check the following protocols:

- UDP/500

- ESP procotocl

- UDP/4500

Mohammed Faiz Mohiuddin · ‎10-10-2011

There is no access list related to any services. what I meant was whether the new 15.0 IOS itself is not allowing the

VPN traffic. I was having a thought that maybe it needs a licensing Key to unlock the VPN cabability and allow VPN traffic to pass through.

Regards

Faiz

Jennifer Halim · ‎10-10-2011

Nothing needs to be done for pass through VPN traffic as far as licensing is concern on IOS 15.0.

If you are actually terminating the IPSec VPN tunnel on the IOS 15.0 router, then yes, you would need to have the K9 Security license, but for pass through traffic, there is no extra license required.

Mohammed Faiz Mohiuddin · ‎10-10-2011

Thank you very much, appreciated your time and answer.