On Tue, 26 Apr 2011 15:22:31 -0400 Robert Bourguignon <[email protected]> wrote:
> Hello,
> I can connect to the Firewall with tunnel enabled.
> But I cannot see anything on the inside network. Included is the ASA
> config and the IPsec Trace. I can't ping, tracert, etc.
> ...
> 11/04/26 15:07:45 ii : inspecting ARP request ...
> 11/04/26 15:07:45 DB : policy not found
> 11/04/26 15:07:45 ii : ignoring ARP request for 192.168.2.41, no
> policy found ...
> 11/04/26 15:07:46 ii : inspecting ARP request ...
> 11/04/26 15:07:46 DB : policy not found
> 11/04/26 15:07:46 ii : ignoring ARP request for 192.168.0.1, no
> policy found
> 11/04/26 15:07:46 ii : inspecting ARP request ...
> 11/04/26 15:07:46 DB : policy found
> 11/04/26 15:07:46 DB : policy not found
> 11/04/26 15:07:46 ii : spoofing ARP response for 192.168.1.1
> 11/04/26 15:07:46 DB : policy found
> 11/04/26 15:07:46 DB : policy ref increment ( ref count = 1, policy ...
> 11/04/26 15:07:46 ii : inspecting ARP request ...
> 11/04/26 15:07:46 DB : policy not found
> 11/04/26 15:07:46 ii : ignoring ARP request for 192.168.0.1, no
> policy found ...
> 11/04/26 15:07:47 ii : inspecting ARP request ...
> 11/04/26 15:07:47 DB : policy found
> 11/04/26 15:07:47 DB : policy not found
> 11/04/26 15:07:47 ii : spoofing ARP response for 192.168.1.100
> 11/04/26 15:07:47 DB : policy found ...
>

Hi Robert,

I'm not familiar with Cisco configurations, so I can't really help you much, but I did notice two things you can try.

1. I think you've got the Log output level set too low on the VPN Trace utility, or you started it after you'd connected the VPN. Please set it to at least informational (farther down the drop-down list is more verbose) and recapture the trace, starting from before you begin to connect the VPN.

2. I notice a bunch of ARP request errors that don't match policy. I'm not sure what they are about, but the messages suggest to me that your address ranges in the policy tab might not be set correctly.

3. In the VPN Trace utility, when you've connected to the VPN, check the "Security Associations" tab to see if there are bytes being transferred in each direction. Also look at the state. You should hope to see Mature instead of Larval.

_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
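
Added example, not part of the original message and not code from the VPN client: a short Python script that groups the ARP lines of a trace like the one quoted above by outcome, to show which networks had no matching policy. It assumes the log line format shown in the quote, treats "spoofing ARP response" as a policy match (as the adjacent "policy found" lines suggest), and groups addresses by /24, which is an assumption about the subnet size.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the ARP outcome lines from the quoted trace,
# rejoined where the mail client wrapped them.
TRACE = """\
11/04/26 15:07:45 ii : ignoring ARP request for 192.168.2.41, no policy found
11/04/26 15:07:46 ii : ignoring ARP request for 192.168.0.1, no policy found
11/04/26 15:07:46 ii : spoofing ARP response for 192.168.1.1
11/04/26 15:07:46 ii : ignoring ARP request for 192.168.0.1, no policy found
11/04/26 15:07:47 ii : spoofing ARP response for 192.168.1.100
"""

ARP_LINE = re.compile(
    r"ii : (?P<action>ignoring ARP request|spoofing ARP response)"
    r" for (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def summarize_arp(trace, prefix_len=24):
    """Return {'tunneled': {net: [ips]}, 'no_policy': {net: [ips]}}."""
    groups = {"tunneled": defaultdict(set), "no_policy": defaultdict(set)}
    for line in trace.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue  # DB lines, truncated lines, anything else
        ip = ipaddress.ip_address(m.group("ip"))
        # prefix_len is an assumption; the real policy masks are not in the trace
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        key = "tunneled" if m.group("action").startswith("spoofing") else "no_policy"
        groups[key][str(net)].add(str(ip))
    return {k: {n: sorted(ips) for n, ips in nets.items()}
            for k, nets in groups.items()}

def uncovered_networks(trace, prefix_len=24):
    """Networks that only ever appear without a matching policy."""
    s = summarize_arp(trace, prefix_len)
    return sorted(set(s["no_policy"]) - set(s["tunneled"]))

if __name__ == "__main__":
    summary = summarize_arp(TRACE)
    for outcome, nets in summary.items():
        for net, ips in nets.items():
            print(f"{outcome:10} {net:18} {', '.join(ips)}")
    print("no policy for:", ", ".join(uncovered_networks(TRACE)))
```

Comparing the "no policy" networks with the remote network entries on the client's policy tab and with the inside networks defined on the firewall shows whether the two sides agree on what should go through the tunnel.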
