Friday, September 27, 2019

Cisco ASA 5525 Site-To-Site VPN Filter Odd Issue

Hey folks,

We were attempting to get LDAP traffic to pass to and from our remote site over a site-to-site VPN tunnel. The tunnel has been up for weeks, and lots of other things work fine, but we were having issues with LDAP from the remote site to our site. Both sides have ASAs. We checked and troubleshot our ACLs on the VPN over and over, but to no avail; we couldn’t get it working. All the correct ports were allowed on both sides, etc.

I created a top level access rule in the ACL that points to the VPN to just allow all IP traffic to and from the client at our remote site that was trying to use LDAP. This didn’t fix the issue. I said “ok, must be an issue on the remote side’s ACL.” I removed the access rule I added, saved config, and for some reason it reset the IPsec VPN. After the VPN reset, everything started working.

  1. Does changing ACLs associated with a VPN reset the VPN after you save the config? This is the first time I’ve seen this happen.

  2. Does anyone have any possible idea why the VPN reset would have fixed our issue? I’m at a loss here. There were ultimately no ACL changes made, and the VPN reset resolved the problem magically.

It’s worth noting, before it started working, I could only see LDAP UDP traffic coming from the remote site, and going back out. No TCP connection was being established. After the VPN reset, the TCP connection established and everything started flowing.

Appreciate you taking the time to read.
