ASA VPN not passing traffic
Posted on 2009-02-19
I have a site-to-site VPN set up between two ASA 5505s. VPN tunnel comes up fine, no errors in debug.
When performing a ping to a known good device through the tunnel, I get no reply. Tunnel session statistics on the source ASA show Tx traffic going outbound but NO Rx coming back. Tunnel session statistics on the destination ASA show traffic going both ways (echo inbound and the echo-reply going back out). Seems like the echo is getting there and most likely back, but traffic is somehow being stopped on the receiving end.
Both of these ASA units have other tunnels to other units up and running fine.
Tunnels are allowed to bypass incoming access list. Routes are verified. ACL on inside interface verified. NAT exempt looks ok (like the other tunnels I have). IKE and IPsec are AES256 DH5 PFS enabled preshared keys. Very simple setups!
Unfortunately, these units are on a private WAN, so I cannot post the configs without retyping manually.