Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

MSR2003 to CISCO ASA VPN Tunnel

padair
Occasional Contributor

MSR2003 to CISCO ASA VPN Tunnel

I have a new MSR 2003 and I am trying to build a simple IPSEC VPN to an ASA. I've worked thru many many google searches and support documents and I have what looks like a good working IPSEC VPN configuration but I can't get the tunnel to work in both directions.  It is quite odd that the tunnel works 100% from the Cisco ASA network to any inside device on the MSR network.  The ASA is showing proper encaps/decaps and traffic flows and everything is great.  Even with the tunnel established any traffic i try to intiate on the MSR network to the ASA fails.  No counters go up, the ASA doesn't see any traffic and the "display ipsec statistics" doesn't show any changes.  Any traffic/packet counts that are displayed there are only due to traffic initiated from the ASA network.

Pardon my ASA jargon, but I'm thinking this is some type of "no-nat" situation.  I can see from previous Comware 5 version there was an "ipsec no-nat-process enable" commaned used for VPN traffic, but I can't seem to pin-point what the equivilant is for that in Comware 7/new MSR 2000's

Any help appreciated.

thx.