Implementing GDOI into DMVPN
GDOI into DMVPN KB ID 0000956 Problem Just recently I covered DMVPN, which is a great scalable system for adding new sites to your network infrastructure and have them join an existing VPN solution without the need to add extra config at the ‘hub’ site. One of the advantages of DMVPN is it maintains VPN connections from your ‘Spoke’ sites back to the ‘Hub’ site, but if a spoke site needs to speak...
Cisco VPN Client Connects but no traffic will Pass
Note: May also be asked as, Client VPN connects but cannot ping anything behind the Firewall. KB ID 0000199 Problem If I had a pound for every time I’ve seen this either in the wild, or asked in a forum, I would be minted! In nearly every case the problem is NAT related. In most cases, If the person launching the VPN client is behind a device that is performing NAT, (Home Router, Access Point, Firewall, etc) then the device will...
Troubleshooting Phase 1 Cisco Site to Site (L2L) VPN Tunnels
KB ID 0000216 Problem Site to Site VPN’s either work faultlessly straight away, or involve head scratching and a call to Cisco TAC, or someone like me to come and take a look. If I’m honest, the simplest and best answer to the problem is “Remove the Tunnel from both ends and put it back again”. Just about every VPN tunnel I’ve put in that did not work, was a result of my fat fingers putting in the wrong...
Troubleshooting Phase 2 Cisco Site to Site (L2L) VPN Tunnels
KB ID 0000625 Problem It’s been over two years since I wrote Troubleshooting Phase 1 Cisco Site to Site (L2L) VPN Tunnels. I’ve always meant to come back and write the ‘Phase 2’ article but never got around to it. This article is NOT intended to be a ‘fix all” for phase 2 problems, it’s designed to point you in the right direction to locate the source of the problem. Solution Here’s my...
Cisco ASA 5500 – Reset / Recycle VPN Tunnels
KB ID 0000586 Problem I’ve been asked this before and it came up on EE today, basically you have a site to site VPN tunnel and you either want to restart it or reset it. Solution Cisco ASA Reset ALL VPN Tunnels 1. Connect to your ASA, then to reset ALL your ISAKMP VPN tunnels use the following command; clear crypto isakmp sa In the example below I’ve reset ALL my tunnels. I had a constant ping running across the VPN, and...