IPSEC no traffic through tunnel

  • Problem
  • Updated 4 years ago
I have configured vpncubed datacentre connect free edition on Flexiscale following the instructions and configured our ASA at the corporate side of the tunnel. The tunnel comes up but when I connect a win2k8 server and connect using the client pack I cannot get any traffic to talk to our Lan side servers through the tunnel and vice verse. The tuntap device on the flexiscale side gets an ip of 172.31.1.5 no gateway is given out via dhcp, a route print shows that the default gateway back to servers on an internal subnet of going via 172.31.1.6 which is the address of the dhcp server not the vpncubed address which is 172.31.1.1. Can I get some help please, I can see traffic leaving our network through the tunnel but nothing coming back.
Photo of sacha rookSR

sacha rook

  • 5 Posts
  • 0 Reply Likes
  • frustrated

Posted 4 years ago

  • 2
Photo of Ryan Koop

Ryan Koop, Official Rep

  • 102 Posts
  • 12 Reply Likes
Hey Sacha,

We would be happy to take a look at your tunnel configuration. Please send us the output from https://{manager IP}:8000/logs/ipsec.log to support(at)cohesiveft.com. We'll follow-up with a VPN-Cubed Checklist form for your to fill out so we can better understand your ASA tunnel parameter setup.

Thanks,

Ryan Koop
Photo of sacha rookSR

sacha rook

  • 5 Posts
  • 0 Reply Likes
Hi Ryan
ok we have made a change on the config to enable ipsec over nat t that now allows bidirectional traffic, which is cool. I have changed the dns lookups to come back through to our network howver I want to be able to control web browsing from the client/servers on the flexiscale end to come through the vpn tunnel to our web filtering device before going out of our firewall based on policy rules. Can you offer some possible configuration scenarios?

Thanks

Sacha
Photo of Ryan Koop

Ryan Koop, Official Rep

  • 102 Posts
  • 12 Reply Likes
Hey Sacha,

VPN-Cubed can help you acheive this by connecting the cloud-based client servers to a proxy server running in your datacenter via IPsec tunnel. Make sure the proxy server is on the remote subnet you are advertising to VPN-Cubed to allow the appropriate access. You can then configure the web browsers on the client servers to use the proxy server. Take a look at the following link regarding changing proxy settings in IE. Note: Changes made to proxy settings as Administrator user cannot be changed by other user roles.

http://windows.microsoft.com/en-US/wi...

Regards,

Ryan
Photo of sacha rookSR

sacha rook

  • 5 Posts
  • 0 Reply Likes
Hi same configuration but the tunnel seems to stop passing traffic.
Restart of the services or connected server seems to resolve the issue.
Can this be looked at?

Sacha