From: Andrew Shin (mr.dude@gmail.com)
Date: Mon Feb 04 2008 - 12:08:10 ARST
Hi, when you say you see packets being encrypted but nothing coming back are
you referring to your PC? What do you see coming into the ASA? It sounds
like it could be that your PC perhaps is not sending the traffic to your
internal 172.20.4.0 network over the tunnel? Try doing a "route print" on
your PC and see what that shows after you connect.
-Andrew
On Feb 3, 2008 12:29 AM, Andrew Larkins <Andrew.Larkins@btgroup.co.za>
wrote:
> Thanks,
>
> But I am able to VPN successfully using UDP but not TCP so that already
> proves the config for the pool. It is only when I enable IPSec over TCP
> on default port 10000 that no data passes. I get an IP address and see
> packets being encrypted but nothing comes back...
>
> Andrew
>
>
> -----Original Message-----
> From: mdestienne@yahoo.com [mailto:mdestienne@yahoo.com]
> Sent: 01 February 2008 14:59 PM
> To: Andrew Larkins; ccielab@groupstudy.com; cisco@groupstudy.com;
> security@groupstudy.com
> Subject: Re: VPN - IPSec over TCP on PIX vs ASA - both ver 8.03 -
> strange problem only working on PIX and not ASA - UDP works on both!
>
> The first thing that comes to mind is the only difference between your
> configs, the dhcp pool. Verify that your inside network has a path to
> your asa vpn pool.
>
>
> -----Original Message-----
> From: "Andrew Larkins" <Andrew.Larkins@btgroup.co.za>
>
> Date: Fri, 1 Feb 2008 10:19:06
> To:<ccielab@groupstudy.com>, <cisco@groupstudy.com>,
> <security@groupstudy.com>
> Subject: VPN - IPSec over TCP on PIX vs ASA - both ver 8.03 - strange
> problem only working on PIX and not ASA - UDP works on both!
>
>
> Good day all,
>
>
>
> I have a full working remote access VPN on both firewalls (PIX515E and
> ASA5540). ASA is replacing the PIX at a new location.
>
>
>
> Both work perfectly with IPSec over UDP (nat-traversal UDP 4500) and
> only the PIX515E works with TCP 10000. I can however connect the VPN up
> & authenticate successfully on the ASA using IPSec over TCP, but I am
> absolutely unable to pass any data through the tunnel. Change the
> profile back to IPSec over UDP and it works perfectly.
>
>
>
> My understanding here is that short of the IPSec setup to establish the
> tunnel, all configuration is the same. If the port was blocked somewhere
> the VPN would never connect
>
>
>
> Any reasons you can think of why this does not work before I log the
> case on TAC? Any pointers on where to look further? Again, the ASA and
> PIX are identical in config (all aspects) & software except the local IP
> pool being different so I can test parallel and being different hardware
> platforms
>
>
>
> Regards
>
> Andrew
>
>
>
>
> The information contained in this message and or attachments is intended
> only for the person or entity to which it is addressed and may contain
> confidential and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of any action in reliance upon,
> this information by persons or entities other than the intended
> recipient
> is prohibited. If you received this in error, please contact the sender
> and
> delete the material from any system and destroy any copies.
>
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:47 ARST