Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
383
Views
0
Helpful
1
Replies

VPN IKEv1 data transfer problem

mehmoodch
Level 1
Level 1

‎12-03-2012 02:08 AM

Hi I just upgraded my ASA5510 from IOS 8.25 to 8.42

Everything is running fine apart from one VPN between ASA5510 and cisco 887V router.

The VPN session is up but no data traffic is being passed through The tunnel although this VPN was working fine with old IOS.

The tunnel is up but no data is passing through IKEV1 session.

Can anyone please help me urgently?

Thanks

Mahmood

      

protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.0.12.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (172.16.0.0/255.255.0.0/0/0)
   current_peer xxxxxx port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 0.0.0.0, remote crypto endpt.: 94.xxxxxxx
     path mtu 1500, ip mtu 1500, ip mtu idb Dialer0
     current outbound spi: 0x0(0)
     PFS (Y/N): N, DH group: none

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.0.12.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (172.17.0.0/255.255.0.0/0/0)
   current_peer 94.xxxxxx6 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 0.0.0.0, remote crypto endpt.: 94.xxxxxx     p

path mtu 1500, ip mtu 1500, ip mtu idb Dialer0

Labels:
Preview file
19 KB
0 Helpful
1 Reply 1

anujsharma85
Level 1
Level 1

‎12-06-2012 03:56 AM

This would require a normal troubleshooting from the beginning. Please answer following questions:

1.) Is the tunnel up on both ends, ASA as well as router in both phases?

2.) Since IPSEC SA on ASA is not showing on any increase in encrypted packets, so can you check if anything is getting dropped in ASP drops or if traffic is entering any other VPN tunnel. You can trace the packet normally using packet tracer as well.

3.) Similarly check on remote end whether on encryption is happening and if that encrypted packet is reaching ASA or not?

4.) Have you tried clearing tunnel and establishing it again.

5.) If yes, then I would need proper debugs of isakmp and ipsec from ASA of atleast 200 level to debug further...

Ideally, the aforementioned steps should corner the issue.

Regards,

Anuj

0 Helpful
Customers Also Viewed These Support Documents