ASA 8.3 site-to-site VPN does not pass UDP traffic to the other peer

Hello!!!

Someone turned off the lights :-) I say this because that's 6.2 6.3 I can't get the basic things...

On an ASA, I created a "site-to-site" VPN profile to connect to a remote site. The other side (ASA 8.2) sees no problem, and I can pass all IP traffic via the VPN without NAT; but on a new ASA5505 with fw version 8.3(1) and ASDM 6.3(1) I can't do that in any way :-(

What I get is trivial...

... It works perfectly with TCP and ICMP traffic, but not with UDP traffic: in practice, if I follow the traffic to a remote private IP, with TCP and ICMP traffic I see only packets on vlan "inside" with the private IP, but with UDP traffic, on top of that, I also see traffic on vlan "outside" with the public IP of the ASA and the source port changed:

Inside: UDP from 172.16.2.128:6000 to 172.16.0.200:6000
Outside: UDP from 5.5.5.5:23400 to 172.16.0.200:6000

Why?

Of course, the traffic is not encrypted and does not reach the other side of the tunnel!

Here are the important parts of the configuration:

interface Vlan1
 nameif inside
 security-level 100
 ip address 172.16.2.1 255.255.255.0

object network obj_any
 subnet 0.0.0.0 0.0.0.0

object network remote-network
 subnet 172.16.0.0 255.255.254.0

access-list outside_cryptomap extended permit ip 172.16.2.0 255.255.255.0 object remote-network

nat (inside,outside) source static any any destination static remote-network remote-network

object network obj_any
 nat (inside,outside) dynamic interface

crypto map outside_map0 1 match address outside_cryptomap
crypto map outside_map0 1 set pfs
crypto map outside_map0 1 set peer ip.ip.ip.ip
crypto map outside_map0 1 set nat-t-disable
crypto map outside_map0 interface outside

Given that the new object business is not yet quite clear to me (ok, I haven't found time to do a deep reading of the documentation), is someone able to direct me to fix this trivial problem?

Note: If I remove my manual NAT rule and flag "network translation" on the remote-network object, thus indicating that I want NAT with the remote-network IP, then no IP traffic to the remote site works at all. Why are there no longer the simple 'NAT exemption' rules of the old version, and why does the crypto map apply only to TCP traffic? Is it possible that there is an "any" object which takes all IP traffic?

A big thank you to all.

73,

Arturo

Hi Arturo,

I know that there are certain NAT-related bugs in 8.3(1), and although I don't remember a specific one which corresponds to your symptoms, I would suggest you try 8.3(2) instead, or maybe even the latest available interim version (currently 8.3(2.4)):

http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=8.3.2+Interim&mdfid=279916854&sftType=Adaptive+Security+Appliance+%28ASA%29+Software&optPlat=&nodecount=9&edesignator=null&modelName=Cisco+ASA+5510+Adaptive+Security+Appliance&treeMdfId=268438162&modifmdfid=&imname=&treeName=Security&hybrid=Y&imst=N

If you still see the problem, then check

packet-tracer input inside udp 172.16.2.2 1025 172.16.0.1 123 detailed

packet-tracer input inside tcp 172.16.2.2 1025 172.16.0.1 123 detailed

and check what's different.

HTH

Herbert
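
The comparison suggested in the answer above (run packet-tracer for UDP and for TCP, then check what is different) can be done mechanically. The Python below is an added example, not part of the original thread: it parses two saved packet-tracer outputs into phases and reports where they diverge. The two sample traces are constructed and abbreviated to mirror the symptom in the question, and `parse_phases` and `diff_traces` are names chosen here.

```python
import difflib
import re

# Constructed, heavily abbreviated packet-tracer output mirroring the symptom in
# the question (UDP hits the dynamic PAT rule); not captured from a device.
ROUTE = "Phase: 1\nType: ROUTE-LOOKUP\nSubtype: input\nResult: ALLOW\nConfig:\n\n"
TCP_TRACE = ROUTE + """Phase: 2
Type: NAT
Result: ALLOW
Config:
nat (inside,outside) source static any any destination static remote-network remote-network
Additional Information:

Phase: 3
Type: VPN
Subtype: encrypt
Result: ALLOW
"""
UDP_TRACE = ROUTE + """Phase: 2
Type: NAT
Result: ALLOW
Config:
object network obj_any
 nat (inside,outside) dynamic interface
Additional Information:
"""

def parse_phases(trace):
    """Return one (type, subtype, result, config) tuple per 'Phase:' block."""
    phases = []
    for block in re.split(r"(?m)^Phase:[ \t]*\d+[ \t]*$", trace)[1:]:
        def field(name):
            m = re.search(rf"(?m)^{name}:[ \t]*(.*)$", block)
            return m[1].strip() if m else ""
        cfg = re.search(r"(?ms)^Config:[ \t]*\n(.*?)(?=^Additional Information:|\Z)", block)
        lines = cfg[1].splitlines() if cfg else []
        config = " / ".join(line.strip() for line in lines if line.strip())
        phases.append((field("Type"), field("Subtype"), field("Result"), config))
    return phases

def diff_traces(a, b):
    """Return (opcode, phases_a, phases_b) for every stretch where the traces differ."""
    pa, pb = parse_phases(a), parse_phases(b)
    ops = difflib.SequenceMatcher(None, pa, pb, autojunk=False).get_opcodes()
    return [(tag, pa[i1:i2], pb[j1:j2]) for tag, i1, i2, j1, j2 in ops if tag != "equal"]

if __name__ == "__main__":
    for tag, tcp, udp in diff_traces(TCP_TRACE, UDP_TRACE):
        print(tag, "\n  tcp:", tcp, "\n  udp:", udp)
```

On real output, the first differing phase shows which NAT rule each protocol matched and whether a VPN encrypt phase follows.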

Tags: Cisco Security
