08-31-2010 10:11 AM
Did Verizon DSL (East coast / USA) change VPN practices or filtering today?
We have 4 site-to-site IPSec VPN tunnels up all the time, and today our tunnel to a Verizon DSL endpoint (ASA-5505) will not connect! This is very frustrating. Of course Verizon does not "support" VPN tunneling on their DSL, but it has worked fine in the past. Nothing changed in any configs. Other 3 VPNs are working fine, but none of the other endpoints are Verizon.
The VPN structure is ASA to ASA so there is no complexity in hardware brands, etc. Phase 1 will not complete. Using pre-share/3des/sha/dh1, like we always have.
Thank you! Hopefully someone else has seen this.
-mike
09-01-2010 12:46 AM
Hey Michael,
Can you please attach the follwoing debugs from ASA--
debug crypto isakmp 127
debug crypto ipsec 127
Thanks
Ankur
09-01-2010 05:21 AM
There is nothing to debug now since the tunnel came back up, after about 6 hours down.
At the time, a show crypto isakmp sa would return...
On one end, state MM_WAIT_MSG2
On the other, state MM_WAIT_MSG3
So to me that suggested one side would send the initial comm, it would get received by the other side which would send it back, then be waiting for step 3. The original side never gets the step 2 msg and so it doesn't complete. From what I could read on various forums, this suggested some sort of intermittent routing as a possible cause, and seeing as Verizon just fixed it themselves, it might have been a Verizon routing problem. Tho they won't confirm it was, and their routing tests showed there was no problem.
Thank you for giving it some thought tho!
09-01-2010 05:18 PM
Thanks for the reply!!
Yes you are right, our side sent the traffic, it was recieved at verizon end, they also responded but that never came back to us. It can be due to routing or might be some other blockage on transitioning path.
I am glad that this issue is resolved now
Appreciate your time.
Ankur
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide