cancel
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

Cisco ASA SureSignal Correct Configuration

ShaunBarnett87
1: Seeker

I have a SS 3 that simply will not connenct to Vodaphone behind a Cisco ASA 5525 - 9.2.

 

Checking the ASA logs, I see:

 

DNS (Port 53) connections occur from the SS:

 

10.x.x.x 12220 8.8.8.8 53 Built outbound UDP connection 75848 for OUTSIDE:8.8.8.8/53 (8.8.8.8/53) to INSIDE:10.x.x.x/12220 (y.y.y.y/12220)

 

Then ISAKMP (port 500) tries to echange with a peer address resolved by the DNS:

 

88.82.13.171 500 10.x.x.x 500 Teardown UDP connection 75833 for OUTSIDE:88.82.13.171/500 to INSIDE:10.x.x.x/500 duration 0:08:44 bytes 6160

 

I would then expect to see ESP traffic forming (udp port 4500), but I get teardown and the device refuses to connect. After a few minutes or so, the device repeats the same process over and over.

 

I have taken the device to a standard DSL line (Cisco 800 router) with no FW in the way, then it connects with no issues.

 

What am I missing?

 

1 REPLY 1

Ben_H
Moderator (Retired)
Moderator (Retired)

Hi @ShaunBarnett87

 

Security appliances can prevent Sure Signal traffic passing through.

 

My team are unable to support queries on third party devices, but another member of the community may be able to offer their thoughts. :Smiling:

 

Cheers, Ben