Question about Cisco ASA 5510 Firewall

1 Answer

IPSEC problem between ASA and Microsoft ISA

Dear Sir,

I have a problem. I need to connect a Cisco ASA 5510 to Microsoft ISA 2006 over an IPSEC tunnel. My ASA expert says everything is configured, and my ISA contact says the same. But:

When the ASA tries to establish the tunnel, the log status I get is: MM_WAIT_MSG2
When the ISA tries to establish the tunnel, the log status I get is: MM_WAIT_MSG3

I monitored the Internet traffic outside of the ISA and did not get any packets from the Cisco over the Internet. NOTHING; the Cisco seems to be muted. From the ISA I can reach the ASA because I see the log, but from the other side there is nothing.

Can the problem be the heavy network traffic? Because I nmapped the ISA UDP port 500 and it only responded in 6.03 sec.

Thank you,
Akos


  • borsteth May 11, 2010

    On the Cisco ASA side, try watching the debug logs on the console after entering the following commands (may vary depending on version):

    debug crypto engine 150
    debug crypto isakmp 255
    debug crypto ipsec 255

    (**have the command 'undebug all' handy, as you could get flooded off of the box - you can paste it in at any time to revert to normal logging**)

    Try generating a connection from either of the encryption domains, and after you get an acceptable amount of 'spammed' debug messages on the ASA console, 'undebug all' and review. You should get a hint from these messages as to where your problem lies. Try Google on some of the output, as many of the messages won't turn up anything on Cisco's site, as these are typically reserved for Cisco TAC cases. Paste some in here if you feel it will help. Other than that, possibly consider running Cisco's Client VPN software if this is the kind of VPN you're trying to build up, just to avoid any potential interoperability issues.



Can you try lower encryption levels on each device and see if that helps? Sometimes it is necessary between Cisco and other devices.

Posted on Jun 16, 2009


Related Questions:

1 Answer

I need help with cisco asa 5505 ssl vpn.. ssl


The total sum of the Inside/Outside/ and pool address add up to 5,265. Subtract 10% and multiply by 260 to get the gender aspect of the original formula. Move the Network address to Google and download the residual code offered by the program that appears in the open window. Enter the code in the appropriate space provided and this will solve the problem by late 2015.

Oct 09, 2013 | Cisco ASA 5505 Firewall

1 Answer

ASA VPN setup


this has been nicely explained here:

http://www.computerfreetips.com/Cisco_router_tips/ASA-VPN-tunnel.html

Feb 23, 2012 | Cisco ASA Computers & Internet

1 Answer

My cisco asa 5505 lost it image file ... how can i get the image back


If it is really deleted from FLASH, you will need to connect to the ASA with a console cable, start up a TFTP server on your PC, and in TFTP copy your ASA image file (.bin - on the CD that you got with the ASA) so that you can get it from the PC to the ASA.
Then use the tftpdnld command to set all the parameters on the ASA and start the download of the file from your PC .... after it has been done - just reboot the ASA :)

Dec 15, 2010 | Cisco ASA 5500 Firewall

1 Answer

What command do i run to show IpSec tunnel status on ASA 5520


show ipsec stats
this command was introduced in code 7.0
it will show the active tunnels, the previous tunnels and several other stats of inbound and outbound packets.....
For example:

    IPsec Global Statistics
    -----------------------
    Active tunnels: 2
    Previous tunnels: 9
    Inbound
        Bytes: 4933013
        Decompressed bytes: 4933013
        Packets: 80348
        Dropped packets: 0
        Replay failures: 0
        Authentications: 80348
        Authentication failures: 0
        Decryptions: 80348
        Decryption failures: 0
        Decapsulated fragments needing reassembly: 0
    Outbound
        Bytes: 4441740
        Uncompressed bytes: 4441740
        Packets: 74029
        Dropped packets: 0
        Authentications: 74029
        Authentication failures: 0
        Encryptions: 74029
        Encryption failures: 0
        Fragmentation successes: 3
            Pre-fragmentation successes:2
            Post-fragmentation successes: 1
        Fragmentation failures: 2
            Pre-fragmentation failures:1
            Post-fragmentation failures: 1
        Fragments created: 10
        PMTUs sent: 1
        PMTUs recvd: 2
    Protocol failures: 0
    Missing SA failures: 0
    System capacity failures: 0

Dec 11, 2010 | Cisco ASA 5520 Firewall
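
When triaging a tunnel it helps to pull the non-zero failure and drop counters out of this output instead of reading it by eye. The following is an added example, not part of the original answer; the function names are hypothetical, the sample is an abridged copy of the output quoted above, and it assumes one counter per line as the ASA prints it.

```python
import re

# Abridged copy of the 'show ipsec stats' output quoted in the answer above.
SAMPLE = """\
IPsec Global Statistics
-----------------------
Active tunnels: 2
Inbound
    Packets: 80348
    Dropped packets: 0
    Replay failures: 0
    Authentication failures: 0
    Decryption failures: 0
Outbound
    Packets: 74029
    Dropped packets: 0
    Authentication failures: 0
    Encryption failures: 0
    Fragmentation failures: 2
        Pre-fragmentation failures:1
        Post-fragmentation failures: 1
Protocol failures: 0
Missing SA failures: 0
System capacity failures: 0
"""

def parse_ipsec_stats(text):
    """Return {'Global': {...}, 'Inbound': {...}, 'Outbound': {...}} of int counters."""
    stats, section = {}, "Global"
    for line in text.splitlines():
        m = re.match(r"(\s*)([^:]+?):\s*(\d+)\s*$", line)
        if m:
            # Indented counters belong to the current section; flush-left ones are global.
            target = section if m.group(1) else "Global"
            stats.setdefault(target, {})[m.group(2)] = int(m.group(3))
        elif line.strip() in ("Inbound", "Outbound"):
            section = line.strip()
    return stats

def failure_counters(stats):
    """List (section, counter, value) for every non-zero failure or drop counter."""
    return [(sec, name, val)
            for sec, counters in stats.items()
            for name, val in counters.items()
            if val and re.search(r"failures|Dropped", name)]

if __name__ == "__main__":
    for sec, name, val in failure_counters(parse_ipsec_stats(SAMPLE)):
        print(f"{sec}: {name} = {val}")
```

Rising authentication, decryption or replay failures between two runs point at the tunnel itself, while fragmentation failures, as in this sample, point at MTU handling on the path.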

1 Answer

Ipsec problem in asa


Use the ping command to check the network or find whether the application server is reachable from your network. It can be a problem with the maximum segment size (MSS) for transient packets that traverse a router or PIX/ASA device, specifically TCP segments with the SYN bit set.

Jan 22, 2010 | Cisco ASA 5510 Firewall

3 Answers

New cisco asa 5510 setup


connect your laptop to the asa5510 using a cross over cable

Oct 07, 2009 | Cisco ASA 5510 Firewall

1 Answer

Cisco ASA 5505 Firmware


Yes, it is possible and Yes you have to purchase it from Cisco.
Sorry, that is how they make the big bucks.
Consider a service contract on the unit, then you can download the firmware much cheaper.

Jul 10, 2009 | Cisco ASA 5500 Firewall

1 Answer

Restart Cisco Asa 5510


Yes. The firewall will restart. Just be sure to save your running config to memory before turning off. For that you must issue the command: write memory.

Best Regards,
T

Apr 18, 2009 | Cisco ASA 5510 Firewall

1 Answer

I need a L2TP configuration for my PIX 515 and ASA 5505


You can do this. For your reference I have given you a link:

http://channel9.msdn.com/forums/9GuyAroundTheWorld/251722-Cisco-Pix-to-Windows-Vista-Native-Client-Using-L2TP-IPSec/


Mar 01, 2009 | Cisco ASA 5500 Firewall
