December 2, 2008 02:03am pst

1. lrmoore 123,490
2. batry_boy 70,960
3. RobWill 37,550
4. dpk_wal 32,425
5. arnold 25,175
6. Voltz-dk 16,420
7. ebjers 16,130
8. rsivanandan 14,175
9. mkielar 12,500
10. harbor235 12,000
11. JFrederic... 11,800
12. MrHusy 11,000
13. Cyclops3... 10,900
14. _jesper_ 9,575
15. SteveH_UK 9,000
15. bkepford 9,000
17. mwecom... 7,985
18. trinak96 7,865
19. PeteLong 7,475
20. Qlemo 6,840
21. AugustTen 6,500
22. SysExpert 6,000
22. Jay_Gridley 6,000
22. decoleur 6,000
25. wilsj 5,600

1. lrmoore 382,832
2. RobWill 192,774
3. batry_boy 117,335
4. richrumble 111,117
5. rsivanandan 59,892
6. ahoffmann 44,523
7. dpk_wal 42,425
8. arnold 38,435
9. Cyclops3... 35,775
10. grblades 35,012
11. pseudocy... 34,059
12. harbor235 30,398
13. tim_holman 27,445
14. kbbcnet 26,524
15. ebjers 25,140
16. decoleur 25,014
17. Tolomir 23,651
18. sciwriter 23,050
19. Voltz-dk 23,020
20. keith_ala... 22,600
21. giltjr 22,145
22. calvinetter 20,950
23. PowerIT 20,560
24. chris_cal... 19,770
25. PeteLong 19,155

08.30.2008 at 08:42AM PDT, ID: 23691112

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

6.4

IPSec Spoof Error on ASA on "select" networks

Asked by snchelpdesk in IPSec Security Protocol, Virtual Private Networking (VPN), Cisco PIX Firewall

When connecting from "some" networks I am experiencing an "ipsec spoof error " - most clients and networks fine. Seems like a local machine problem BUT when connected to a "working" network with the problem client machine it works?!?

The configuration of the ASA consists of a site-to-site link and Client VPN to support remotes coming into the ASA and across the site-to-site link.

Again - the frustration - most clients working a few (myself) not!

Thank you for you help,
Dave
Start Free Trial

         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:

           
           
             same-security-traffic permit intra-interface
access-list nonat extended permit ip 10.xx.xx.0 255.255.255.0 10.xx.xx.0 255.255.255.0 
access-list nonat extended permit ip 10.xx.xx.0 255.255.255.0 10.xx.xx.0 255.255.255.0 
access-list outside_1_cryptomap extended permit ip 10.xx.xx.0 255.255.255.0 10.xx.xx.0 
 
255.255.255.0 
access-list outside extended permit icmp any any 
access-list outside extended permit tcp any any 
access-list outside extended permit udp any any 
access-list outside extended permit ip any any inactive 
access-list espiritusvpn_splitTunnelAcl standard permit 10.xx.xx.0 255.255.255.0 
access-list espiritusvpn_splitTunnelAcl standard permit 10.xx.xx.0 255.255.255.0 
access-list 100 extended permit ip 10.xx.xx.0 255.255.255.0 10.30.6.0 255.255.255.0 
 
 
ip local pool vpn-addr 10.xx.xx.100-10.xx.xx.150 mask 255.255.255.0
 
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside in interface outside
 
no sysopt connection permit-vpn
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set EClinical-SET esp-3des esp-sha-hmac 
crypto dynamic-map outside_dyn_map 20 set transform-set EClinical-SET
crypto map outside_map 1 match address 100
crypto map outside_map 1 set peer 216.10.115.215 
crypto map outside_map 1 set transform-set EClinical-SET
crypto map outside_map 1 set nat-t-disable
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity address 
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 28800
crypto isakmp reload-wait
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
           
         

Attachments:

packet-trace-outside-spoof-error.jpg (88 KB) (File Type Details)

snapshot of packet trace with "spoof" error detected

Keywords: IPSec Spoof Error on ASA on "select…

	Title
1	Cisco ASA 5510 IPSec Passthrough
2	ASA L2L IPSec Spoofed
3	ipsec-spoof detected error
4	IPSec VPN
5	PIX AND ISA IPSEC VPN
6	How to configure ASA 5540 to allo…

Loading Advertisement...

20080716-EE-VQP-32 / EE_QW_2_20070628

IPSec Spoof Error on ASA on "select" networks

Asked by snchelpdesk in IPSec Security Protocol, Virtual Private Networking (VPN), Cisco PIX Firewall

About this solution