Search Discussions:
Advanced Search...
Welcome to Nokia Support Discussions! Here you can share advice and tips with thousands of other Nokia users around the world in English. Many Nokia employees also follow and participate in the discussions, see our guidelines for more information. Everyone can search and read the discussions, but to post your own question or reply to others, simply sign in with your Nokia account. If this is your first time here, you can choose an alias to represent you. And if you don't have a Nokia account yet, please register.
Reply

E7 - MVPN - ASA: Can connect but no Data

Contributor
smcmanus
Posts: 8
Accepted Solution

E7 - MVPN - ASA: Can connect but no Data

[ Edited ]

Hello Nokia People

 

I have a Nokia E7 and I am trying to connect to my Companies Colocation facility for support,  I have access to all the firewallsM routers and switches involved.   To make things simple for trouble shooting I used the Default Template Cisco_ASA_pskxauth.pol and modified it. I changed the Server IP, the PSK and the protocols (from AES SHA to 3DES and MD5).  when I try and connect it seems to connect fine, and the ASA confirms this. But any Pings sent from the destination to the phone fails.   I am including the  Results I got from the ASA.

 

Detailed ISAKMP SA

12  IKE Peer: xx.xx.9.114
    Type    : user            Role    : responder
    Rekey   : no              State   : AM_ACTIVE
    Encrypt : 3des            Hash    : MD5
    Auth    : preshared       Lifetime: 86400
    Lifetime Remaining: 86117

 

Notice the Encaps and the Decaps.  This means my firewall is correctly sending and receiving secure data successfully.
peer address: xx.xx.9.114

    Crypto map tag: dialin, seq num: 500, local addr: 72.38.228.130

      local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.50.50.3/255.255.255.255/0/0)
      current_peer: xx.xx.9.114, username: gpsnet
      dynamic allocated peer ip: 10.50.50.3

      #pkts encaps: 30, #pkts encrypt: 30, #pkts digest: 30
      #pkts decaps: 40, #pkts decrypt: 40, #pkts verify: 40
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 30, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.:xx.xx.228.130, remote crypto endpt.: xx.xx.9.114

      path mtu 1500, ipsec overhead 58, media mtu 1500
      current outbound spi: 1D19D9A8

    inbound esp sas:
      spi: 0xF85C7D13 (4166810899)
         transform: esp-3des esp-md5-hmac none
         in use settings ={RA, Tunnel, }
         slot: 0, conn_id: 10985472, crypto-map: dialin
         sa timing: remaining key lifetime (sec): 3191
         IV size: 8 bytes
         replay detection support: Y
    outbound esp sas:
      spi: 0x1D19D9A8 (488233384)
         transform: esp-3des esp-md5-hmac none
         in use settings ={RA, Tunnel, }
         slot: 0, conn_id: 10985472, crypto-map: dialin
         sa timing: remaining key lifetime (sec): 3191
         IV size: 8 bytes
         replay detection support: Y

here are the Pings as tracked by the ASA. I got no Returns.

 

ICMP echo request from Inside:192.168.2.30 to Outside:10.50.50.3 ID=1 seq=15 len=32
ICMP echo request from Inside:192.168.2.30 to Outside:10.50.50.3 ID=1 seq=16 len=32

If anyone can shed some light that would be awesome.

Please use plain text.
Contributor
smcmanus
Posts: 8

Re: E7 - MVPN - ASA: Can connect but no Data

BTW.  Just to keep people in the loop.

It seems to be just my very small loop. 

But anyway.

 

I have solved my own issue, it was a broken VPN config, on the ASA. 

 

I have gotten it to work with another meshed VPN. 

 

It doesn't seem terribly stable, usually dropping after one minute sometimes.  

 

If I manage to get some some traffic across it, it seems to stay open.

 

Steve

Please use plain text.