
Easy VPN server and client up, but no traffic

butler741 asked (755 Views, Last Modified: 2012-02-08)
I have (2) 5505 ASA 8.4(3) with one static IP and one Dynamic IP per side.

I got the IPSec tunnel up using Easy VPN.

Here is the problem:

From the server side I can ping from the inside interface to the outside interface of remote.
-and-
From the remote side I can ping from the outside interface to the inside interface of the server.

Am I missing something? How am I supposed to get the traffic to pass on both sides?  
Are you supposed to PAT from the inside network to the outside interface on the remote?

Any help would be appreciated.


Here is some info:
Remote Side connects to ISP with DHCP and gets outside address of 198.243.x.x
The Remote Inside Network is: 172.16.x.x
The Server side Peer is: 50.78.x.x

This is from Remote side:   show cry ip sa peer 50.78.x.x


peer address: 50.78.x.x
    Crypto map tag: _vpnc_cm, seq num: 10, local addr: 198.243.x.x

      access-list _vpnc_acl extended permit ip 172.16.x.x 255.255.248.0 any
      local ident (addr/mask/prot/port): (172.16.x.x/255.255.248.0/0/0)
      remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      current_peer: 50.78.x.x, username: 50.78.x.x
      dynamic allocated peer ip: 0.0.0.0

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 157, #pkts decrypt: 157, #pkts verify: 157
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 198.243.x.x/4500, remote crypto endpt.: 50.78.x.x/4500
      path mtu 1500, ipsec overhead 82, media mtu 1500
      current outbound spi: EE77C431
      current inbound spi : D64C2295

    inbound esp sas:
      spi: 0xD64C2295 (3595313813)
         transform: esp-aes-256 esp-sha-hmac no compression
         in use settings ={RA, Tunnel,  NAT-T-Encaps, PFS Group 2, }
         slot: 0, conn_id: 12562432, crypto-map: _vpnc_cm
         sa timing: remaining key lifetime (sec): 8583
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0xFFFFFFFF 0xFFFFFFFF
    outbound esp sas:
      spi: 0xEE77C431 (4000826417)
         transform: esp-aes-256 esp-sha-hmac no compression
         in use settings ={RA, Tunnel,  NAT-T-Encaps, PFS Group 2, }
         slot: 0, conn_id: 12562432, crypto-map: _vpnc_cm
         sa timing: remaining key lifetime (sec): 8583
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001

    Crypto map tag: _vpnc_cm, seq num: 10, local addr: 198.243.x.x

      access-list _vpnc_acl extended permit ip host 198.243.3.10 any
      local ident (addr/mask/prot/port): (198.243.x.x/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      current_peer: 50.78.x.x, username: 50.78.x.x
      dynamic allocated peer ip: 0.0.0.0

      #pkts encaps: 53, #pkts encrypt: 53, #pkts digest: 53
      #pkts decaps: 25, #pkts decrypt: 25, #pkts verify: 25
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 53, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 198.243.x.x/4500, remote crypto endpt.: 50.78.x.x/4500
      path mtu 1500, ipsec overhead 82, media mtu 1500
      current outbound spi: 8191B657
      current inbound spi : DE8675E5

    inbound esp sas:
      spi: 0xDE8675E5 (3733353957)
         transform: esp-aes-256 esp-sha-hmac no compression
         in use settings ={RA, Tunnel,  NAT-T-Encaps, PFS Group 2, }
         slot: 0, conn_id: 12562432, crypto-map: _vpnc_cm
         sa timing: remaining key lifetime (sec): 8582
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x03FFFFFF
    outbound esp sas:
      spi: 0x8191B657 (2173810263)
         transform: esp-aes-256 esp-sha-hmac no compression
         in use settings ={RA, Tunnel,  NAT-T-Encaps, PFS Group 2, }
         slot: 0, conn_id: 12562432, crypto-map: _vpnc_cm
         sa timing: remaining key lifetime (sec): 8566
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001
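
An added example, not part of the original post: a small parser for the `show crypto ipsec sa` output above that reports the encaps/decaps counters per local ident and labels each SA pair by traffic direction. The sample text is constructed by abridging the output in the post; the function names are this example's own.

```python
import re

# Constructed sample: abridged from the counters shown in the post above.
SAMPLE = """\
peer address: 50.78.x.x
    Crypto map tag: _vpnc_cm, seq num: 10, local addr: 198.243.x.x
      local ident (addr/mask/prot/port): (172.16.x.x/255.255.248.0/0/0)
      remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 157, #pkts decrypt: 157, #pkts verify: 157
      #send errors: 0, #recv errors: 0
    Crypto map tag: _vpnc_cm, seq num: 10, local addr: 198.243.x.x
      local ident (addr/mask/prot/port): (198.243.x.x/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      #pkts encaps: 53, #pkts encrypt: 53, #pkts digest: 53
      #pkts decaps: 25, #pkts decrypt: 25, #pkts verify: 25
      #send errors: 0, #recv errors: 0
"""

IDENT = re.compile(r"(local|remote) ident \(addr/mask/prot/port\): \((\S+?)/(\S+?)/\d+/\d+\)")
COUNTER = re.compile(r"#(pkts encaps|pkts decaps|send errors|recv errors): (\d+)")

def parse_sas(text):
    """Split on 'Crypto map tag:' and return one dict per SA pair."""
    sas = []
    for chunk in text.split("Crypto map tag:")[1:]:
        sa = {}
        for side, addr, mask in IDENT.findall(chunk):
            sa[side] = f"{addr}/{mask}"
        for name, value in COUNTER.findall(chunk):
            sa[name.replace("pkts ", "").replace(" ", "_")] = int(value)
        sas.append(sa)
    return sas

def classify(sa):
    # encaps counts packets this ASA encrypted; decaps counts packets it decrypted.
    enc, dec = sa.get("encaps", 0), sa.get("decaps", 0)
    if sa.get("send_errors", 0) or sa.get("recv_errors", 0):
        return "errors"
    if enc and dec:
        return "bidirectional"
    if dec:
        return "receive-only"  # peer traffic arrives, nothing local was encrypted
    return "send-only" if enc else "idle"

def report(text):
    return [(sa["local"], sa["encaps"], sa["decaps"], classify(sa)) for sa in parse_sas(text)]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```
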