|
Posted by dt1649651@yahoo.com on April 28, 2008, 11:57 pm
If you were Registered and logged in, you could reply and use other advanced thread options
wrote:
> Hi,
>
> This has nothing to do with your config....
> But walter is right - you need IPSEC nat-traversal - just in the other end !
> and/or you need to checkmark UDP encap in your VPN Dialer !
>
> As you do not use VPN in the ASA, you can also configure a fixup for ESP...
>
> ahh whats the ASA syntax ....
>
> hmm maybe
>
> policy-map global_policy
> class inspection_default
> inspect ipsec-pass-thru
>
> But I really think it's your VPN dialer you need to fix ..
>
Thanks, Martin.
When I add the command "isakmp nat traversal " to my ASA, it does fix
the problem.
When I add that command to the remote ASA ( VPN gateway ) I cannot
make the VPN connection.
Also tried the inspect ipsec-pass-thru.
I notice that this happens when I make the vpn connection to a remote
ASA. If the remote VPN gateway is an IOS router then the local ASA
does not complain anything.
Dt
|