
VPN connectivity issues between Digirouter and Cisco

0 votes
Hi friends. I've been going around in circles with this one for a few days but I'm hoping someone will be able to tell me where I'm going wrong. I've provided a fairly basic overview but hopefully you'll come across this issue in your careers/experiences.

Summary:
Company A and Company B need to be able to have two-way communication with each other via a Cisco ASA firewall in an external Data Centre. We have an IPSEC tunnel between Company A and the ASA and another tunnel between Company B and the ASA. HQ also talks to the ASA. Encryption settings have been checked and verified at each point.

The Problem

Company A can ping HQ & ASA. The ASA can ping Company B
Company B can ping HQ & ASA. The ASA can ping Company A
Company A can ping Company B
HQ can ping Company A & Company B

The problem is that Company B cannot ping Company A.

DigiRouter
I've checked the VPN settings (this can be provided) and all seems to be OK. Is there any bit of configuration on the Digirouter that would block VPN traffic? What seems to be happening is that Company B is sending traffic via the ASA but the Digirouter does not know how to handle it.

Any assistance would be greatly appreciated.

Thanks
asked Jan 24 in Digi TransPort Cellular by balchana New to the Community (2 points)


2 Answers

+1 vote
Hi

The main thing is:

1) On the Digi, is the remote network/mask big enough to cover the network addresses of all the networks involved?
2) Trace the packets to see at what point the packets are dropped / lost.

So:
From Company B, are the packets seen entering the tunnel to the ASA?
Are the packets getting to the ASA?
At Company A, are the packets arriving out of the tunnel and with the correct source address?
Are the packets hitting the target device?
Are the return packets hitting the router to the ASA?

This would then give you the failure point.

Is there any NATting going on in the routers or the ASA? Are the ACL lists the wrong size?

That's where I would start.

Regards

James
answered Jan 25 by James.Wilson Veteran of the Digi Community (1,173 points)
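
The network/mask check and the hop-by-hop trace suggested in the answer above can be rehearsed offline. This is an added example, not code from the thread or from Digi: the device names, subnets and selector table are constructed assumptions, with the Digi at Company A deliberately given a remote network too narrow to include Company B.

```python
import ipaddress

# Constructed sample selectors (not from the post): (local, remote) as seen by
# each device for the tunnel to its peer. digi_A's remote mask covers only the
# hub LAN, so it is too narrow to include Company B.
SELECTORS = {
    ("router_B", "asa"): ("10.2.0.0/24", "10.0.0.0/8"),
    ("asa", "router_B"): ("10.0.0.0/8", "10.2.0.0/24"),
    ("asa", "digi_A"): ("10.0.0.0/8", "10.1.0.0/24"),
    ("digi_A", "asa"): ("10.1.0.0/24", "10.0.0.0/24"),
}

# Hops a packet from Company B to Company A crosses, in order.
PATH_B_TO_A = [
    ("router_B", "asa", "out"),
    ("asa", "router_B", "in"),
    ("asa", "digi_A", "out"),
    ("digi_A", "asa", "in"),
]


def hop_matches(selectors, device, peer, direction, src, dst):
    """True if the packet fits the device's selectors for this tunnel."""
    local = ipaddress.ip_network(selectors[(device, peer)][0])
    remote = ipaddress.ip_network(selectors[(device, peer)][1])
    if direction == "out":      # encrypting: source is local, destination remote
        return src in local and dst in remote
    return src in remote and dst in local   # decrypting: the mirror image


def first_failure(selectors, path, src, dst):
    """Return the first hop whose selectors do not cover the packet, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for device, peer, direction in path:
        if not hop_matches(selectors, device, peer, direction, src, dst):
            return (device, peer, direction)
    return None


def widened(selectors):
    """Copy of the selectors with digi_A's remote network widened to cover B."""
    fixed = dict(selectors)
    fixed[("digi_A", "asa")] = ("10.1.0.0/24", "10.0.0.0/8")
    return fixed


if __name__ == "__main__":
    print(first_failure(SELECTORS, PATH_B_TO_A, "10.2.0.10", "10.1.0.10"))
    print(first_failure(widened(SELECTORS), PATH_B_TO_A, "10.2.0.10", "10.1.0.10"))
```

Replace the constructed table with the selectors actually configured on each device; the hop that is returned is where a packet capture or IPsec debug is worth running first.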
0 votes
Thanks very much, James. I will spend some time following your tips and will feed back on completion. Thanks for your time.
answered Jan 28 by balchana New to the Community (2 points)