Site2Site IPsec VPN Problems

Hello all, I'm having a problem setting up a VPN with our ASG V8 to a Cisco ASA 5520. I set up the remote gateway and the connection, I have a green light and good tunnel, however I cannot communicate between the internal networks. Do I also have to set up a route or maybe a NAT rule? I thought that between the gateway and connection I should be all set. When I try to ping the remote internal network from the tools menu in ASG, I get this in the log. 

 cannot respond to IPsec SA request because no connection is known for 192.9.0.0/23===xx.152.200.154[xx.152.200.154]...***.82.200.4[***.82.200.4]===192.168.150.63/32

What am I missing?

Thanks in advance,
Richard


This thread was automatically locked due to age.
  • Here's what comes up when I try to ping inside their ASA...

    2013:04:08-08:07:50 dartmofw01 pluto[30313]: "S_REF_IpsSitTrident_0" #253: initiating Main Mode to replace #246
    2013:04:08-08:07:50 dartmofw01 pluto[30313]: "S_REF_IpsSitTrident_0" #253: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
    2013:04:08-08:07:50 dartmofw01 pluto[30313]: "S_REF_IpsSitTrident_0" #253: ignoring Vendor ID payload [FRAGMENTATION c0000000]
    2013:04:08-08:07:50 dartmofw01 pluto[30313]: "S_REF_IpsSitTrident_0" #253: enabling possible NAT-traversal with method RFC 3947
    2013:04:08-08:07:50 dartmofw01 pluto[30313]: "S_REF_IpsSitTrident_0" #253: ignoring Vendor ID payload [Cisco-Unity]
    2013:04:08-08:07:50 dartmofw01 pluto[30313]: "S_REF_IpsSitTrident_0" #253: received Vendor ID payload [XAUTH]
    2013:04:08-08:07:50 dartmofw01 pluto[30313]: "S_REF_IpsSitTrident_0" #253: ignoring Vendor ID payload [33ebd61cfaa55a072f59e81cbe0cc407]
    2013:04:08-08:07:50 dartmofw01 pluto[30313]: "S_REF_IpsSitTrident_0" #253: ignoring Vendor ID payload [Cisco VPN 3000 Series]
    2013:04:08-08:07:50 dartmofw01 pluto[30313]: "S_REF_IpsSitTrident_0" #253: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
    2013:04:08-08:07:50 dartmofw01 pluto[30313]: "S_REF_IpsSitTrident_0" #253: received Vendor ID payload [Dead Peer Detection]
    2013:04:08-08:07:50 dartmofw01 pluto[30313]: | protocol/port in Phase 1 ID Payload is 17/0. accepted with port_floating NAT-T
    2013:04:08-08:07:50 dartmofw01 pluto[30313]: "S_REF_IpsSitTrident_0" #253: Peer ID is ID_IPV4_ADDR: '208.82.200.4'
    2013:04:08-08:07:50 dartmofw01 pluto[30313]: "S_REF_IpsSitTrident_0" #253: ISAKMP SA established
    2013:04:08-08:39:52 dartmofw01 pluto[30313]: "S_REF_IpsSitTrident_0" #254: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #251 {using isakmp#253}
    2013:04:08-08:39:52 dartmofw01 pluto[30313]: "S_REF_IpsSitTrident_0" #254: sent QI2, IPsec SA established {ESP=>0x2f8a6641 