VPN client not passing traffic

markwateridge
Level 1

I've set up a RA connection from a laptop running the Cisco VPN client to an ASA 5510, using IPsec over UDP (port 7715). The tunnel sets up, but no traffic will pass over it. Checking the stats at both ends, I see traffic encrypted by the client, but there is no increase in the decrypt counters on the ASA. I'm also seeing the following error messages in the logs:

7|Jan 22 2007|09:35:52|710005|217.x.x.x|164.x.x.x|UDP request discarded from 217.x.x.x/7715 to External_Interface:164.x.x.x/7715

3|Jan 22 2007|09:35:52|713042|||IKE Initiator unable to find policy: Intf External_Interface, Src: 164.x.x.x, Dst: 217.x.x.x

7|Jan 22 2007|09:35:52|715077|||Pitcher: received a key acquire message, spi 0x0

Any ideas? I do have an ACL on the external interface to allow UDP traffic on port 7715.

1 Reply

Not applicable

The following has to be done to recover from the issue

1. Remove the following

crypto dynamic-map store match address outside_cryptomap_<number>

and had to add the following config

nat (outside) x.x.x.x 255.255.0.0

global (outside) interface
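
A way to find the symptom from the log lines quoted in the question inside a larger log export, as an added example that is not part of the thread: it pairs a 710005 discard on the IPsec-over-UDP port with a 713042 for the reverse direction at the same timestamp. The sample lines, the addresses and the function names are constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed sample in the layout quoted in the question (severity|date|time|
# message id|source|destination|text); addresses are documentation placeholders.
SAMPLE_LOG = """\
7|Jan 22 2007|09:35:52|710005|198.51.100.7|203.0.113.10|UDP request discarded from 198.51.100.7/7715 to External_Interface:203.0.113.10/7715
3|Jan 22 2007|09:35:52|713042|||IKE Initiator unable to find policy: Intf External_Interface, Src: 203.0.113.10, Dst: 198.51.100.7
7|Jan 22 2007|09:35:52|715077|||Pitcher: received a key acquire message, spi 0x0
7|Jan 22 2007|09:36:10|710005|192.0.2.44|203.0.113.10|UDP request discarded from 192.0.2.44/137 to External_Interface:203.0.113.10/137
"""

Event = namedtuple("Event", "severity date time msg_id src dst text")

DISCARD_RE = re.compile(
    r"UDP request discarded from (?P<peer>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<intf>[^:\s]+):(?P<local>[\d.]+)/(?P<dport>\d+)")
NO_POLICY_RE = re.compile(
    r"IKE Initiator unable to find policy: Intf (?P<intf>\S+), "
    r"Src: (?P<src>[\d.]+), Dst: (?P<dst>[\d.]+)")

def parse_events(raw):
    """Split each line into its seven fields; the text field may contain '|'."""
    events = []
    for line in raw.splitlines():
        parts = line.strip().split("|", 6)
        if len(parts) == 7:
            events.append(Event(*parts))
    return events

def find_stalled_tunnels(events, tunnel_port):
    """Return (date, time, peer, intf) where traffic to tunnel_port was discarded
    and the same timestamp has a 713042 for the reverse direction on that interface."""
    no_policy = set()
    for ev in events:
        m = NO_POLICY_RE.search(ev.text) if ev.msg_id == "713042" else None
        if m:
            no_policy.add((ev.date, ev.time, m["intf"], m["src"], m["dst"]))
    hits = []
    for ev in events:
        m = DISCARD_RE.search(ev.text) if ev.msg_id == "710005" else None
        if m and int(m["dport"]) == tunnel_port:
            if (ev.date, ev.time, m["intf"], m["local"], m["peer"]) in no_policy:
                hits.append((ev.date, ev.time, m["peer"], m["intf"]))
    return hits

if __name__ == "__main__":
    for hit in find_stalled_tunnels(parse_events(SAMPLE_LOG), tunnel_port=7715):
        print("tunnel traffic dropped with no matching crypto policy:", hit)
```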