Site to Site | ASA | Interview Questions

Hey Everyone,

Recently I had a telephonic interview with a Company. I was asked some questions and from them, I am discussing 2 Questions here for which I need to know the solutions. Kindly Help.

Q1: There are 2 sites, one in London and the other in Delhi. Site to Site VPN has been configured on ASAs on both the sites. A user calls up and complains of Latency in VPN Traffic. Troubleshoot it.

Note: Routes are configured properly. VPN is up, which means no issues in Configuration. Internet Connection and Speed are working fine. ACLs are precise and configured correctly.

What is the reason for Latency?

Q2: In the same topology but a different scenario, Phase 1 is up but Phase 2 is not coming up. Routes are configured correctly, Phase 2 configuration is configured correctly. Public Reachability is there.

Why is Phase 2 not coming up?

Comments








  • Hi,

    Regarding the first question, it is very wide. Here are some points I would check:

    - Check if the problem is only related to VPN traffic between the two sites.

    - You can issue a ping from the public IP addresses and check the delay.

    - You also need to check if there is shaping from the ISP on the protocols used by the VPN.



    Regarding the second point,

    Check if ESP and/or AH are blocked at the ISP side. Otherwise, you have to debug crypto ipsec sa to see where the problem is.



    Best Regards,

    Moustafa Houssami






  • Hey,


    Thanks for the answer. Case 1: Problem is only related to VPN Traffic and ping is working fine, i.e. the delay is the normal one and nothing special.

    Shaping is a point which I guess I will have to look up.

    Case 2: ISP (sorry sorry I wrote it as IPS, typo :p. I meant ISP) is not blocking ESP/AH (actually no networking device in between is blocking them), and since it was a telephonic Interview, I was denied any outputs of debug crypto ipsec sa.

    Thanks :)








  • Regarding the second question, what I meant is the ISP (Internet service provider) side that is providing the Internet connection.



    Best Regards,

    Moustafa Houssami






  • Sorry, it was a typo. I meant ISP. So I get your point. And as per the response on the phone, the ISP or any other device in the network was not blocking ESP/AH.

  • Hi,
    Did you solve the above problems? I will be happy if you share the solution.

    Thank you :)

  • No Moustafa. Still looking for a proper answer. Will surely update you once I hit it.
