TSG_Users
asked on
Traffic Not Being Passed Over Cisco ASA site to site VPN
Hi,
Got a problem with an ASA not sending traffic back down a tunnel.
The tunnel comes up, I can see from the VPN monitor that traffic is received from the remote network. I can see from a PCAP that the ICMP packet is being received by the local ASA, sent to the host on the LAN, that the host is then replying and the ICMP reply is being received by the ASA on the inside interface.
Unfortunately I never see an encrypted packet leaving the ASA on the outside interface and no Tx on the VPN monitor.
I've checked Packet Tracer and the ASA expects the traffic to be tunnelled... really not sure why this has suddenly stopped working since Friday, it's unlikely that anybody has fiddled with the box. The relevant config is attached.
Any suggestions welcome!
name 10.10.0.0 RB_VLANS
!
access-list outside_1_cryptomap extended permit ip 10.0.0.0 255.255.0.0 RB_VLANS 255.255.0.0
!
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.0.0 RB_VLANS 255.255.0.0
!
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 10.0.0.0 255.255.0.0
!
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 82.109.x.x
crypto map outside_map 1 set transform-set ESP-3DES-SHA
aw-fw# sho ver
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"
aw-fw up 32 days 22 hours
Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Int: Internal-Data0/0 : address is f866.f257.500e, irq 11
1: Ext: Ethernet0/0 : address is f866.f257.5006, irq 255
2: Ext: Ethernet0/1 : address is f866.f257.5007, irq 255
3: Ext: Ethernet0/2 : address is f866.f257.5008, irq 255
4: Ext: Ethernet0/3 : address is f866.f257.5009, irq 255
5: Ext: Ethernet0/4 : address is f866.f257.500a, irq 255
6: Ext: Ethernet0/5 : address is f866.f257.500b, irq 255
7: Ext: Ethernet0/6 : address is f866.f257.500c, irq 255
8: Ext: Ethernet0/7 : address is f866.f257.500d, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 50
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
SSL VPN Peers : 2
Total VPN Peers : 10
Dual ISPs : Disabled
VLAN Trunk Ports : 0
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has a Base license.
ASKER
The host on the LAN that is being pinged is 10.0.0.101.
aw-fw# sho cry ips sa
interface: outside
Crypto map tag: outside_map, seq num: 1, local addr: 194.217.0.66
access-list outside_1_cryptomap permit ip 10.0.0.0 255.255.0.0 RB_VLANS 255.255.0.0
local ident (addr/mask/prot/port): (10.0.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (RB_VLANS/255.255.0.0/0/0)
current_peer: 82.109.166.226
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 140, #pkts decrypt: 140, #pkts verify: 140
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 194.217.0.66, remote crypto endpt.: 82.109.166.226
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: F2E3D698
inbound esp sas:
spi: 0x89504FB4 (2303741876)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 2654208, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4373986/26514)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xF2E3D698 (4075017880)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 2654208, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/26514)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
aw-fw# sho cry isa sa
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: 82.109.166.226
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
aw-fw# sho xlate
209 in use, 1483 most used
Global 194.217.0.67 Local 10.0.0.4
Global 194.217.0.68 Local w2k-email
Global 194.217.0.69 Local adserv
aw-fw#
SOLUTION
What do you have for "route" statements in the ASA? Do you have any statements for the 10.10.0.0/16 subnet? Or any statements that would include that subnet? Ensure that the ASA knows to route the 10.10.0.0/16 subnet out the outside interface. If you don't have any other static routes, then a default gateway will take care of this. But sometimes a 10.0.0.0/8 route gets added and pointed to an internal device. That would cause this behavior.
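The check described in the reply above, as an added example that is not part of the original thread: it flags a peer whose IPsec SA decapsulates traffic but never encapsulates any, then does a longest-prefix match over the ASA `route` statements to see which interface the remote subnet would leave by. The counters are the ones posted on this page; the route lines, both gateway addresses and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample. Counters match the "sho cry ips sa" output on this page.
SAMPLE_SA = """\
current_peer: 82.109.166.226
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 140, #pkts decrypt: 140, #pkts verify: 140
#pkts compressed: 0, #pkts decompressed: 0
"""

# Constructed sample: hypothetical route statements showing the case the reply
# warns about, a 10.0.0.0/8 route pointed at an internal device.
SAMPLE_ROUTES = """\
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
route inside 10.0.0.0 255.0.0.0 10.0.0.254 1
"""


def one_way_peers(sa_text):
    """Return peers whose SAs show decaps > 0 while encaps stays at 0."""
    stats, peer = {}, None
    for line in sa_text.splitlines():
        m = re.search(r"current_peer:\s*([\d.]+)", line)
        if m:
            peer = m.group(1)
            stats.setdefault(peer, {"encaps": 0, "decaps": 0})
            continue
        if peer is None:
            continue
        for name in ("encaps", "decaps"):
            m = re.search(rf"#pkts {name}:\s*(\d+)", line)
            if m:
                stats[peer][name] += int(m.group(1))
    return [p for p, s in stats.items() if s["decaps"] > 0 and s["encaps"] == 0]


def parse_routes(config_text):
    """Parse 'route <if> <network> <mask> <gateway> [distance]' lines."""
    routes = []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[0] == "route":
            net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}", strict=False)
            routes.append((net, parts[1], parts[4]))
    return routes


def egress_for(routes, remote_net):
    """Longest-prefix match among static routes that cover remote_net fully.

    Connected networks and routes narrower than remote_net are not modelled.
    """
    remote = ipaddress.ip_network(remote_net)
    covering = [r for r in routes if remote.subnet_of(r[0])]
    if not covering:
        return None
    return max(covering, key=lambda r: r[0].prefixlen)


def diagnose(sa_text, config_text, remote_net, vpn_interface="outside"):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    for peer in one_way_peers(sa_text):
        findings.append(f"{peer}: decaps > 0 but encaps == 0, replies never enter the tunnel")
    hit = egress_for(parse_routes(config_text), remote_net)
    if hit is None:
        findings.append(f"no static route covers {remote_net}")
    elif hit[1] != vpn_interface:
        findings.append(
            f"{remote_net} is routed via '{hit[1]}' by {hit[0]} (gateway {hit[2]}), "
            f"not via '{vpn_interface}' where the crypto map is applied"
        )
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_SA, SAMPLE_ROUTES, "10.10.0.0/16"):
        print(finding)
```

An empty result from the route check does not rule out other causes; it only confirms that the remote subnet resolves to the interface carrying the crypto map.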
ASKER
I've had a chance to reload it now and it appears to have fixed it. I can now ping both ways.
aw-fw(config)# sho cry ips sa
#pkts encaps: 3, #pkts encrypt: 3, #pkts digest: 3
#pkts decaps: 3, #pkts decrypt: 3, #pkts verify: 3
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 3, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
There was nothing wrong with the configuration - any thoughts on what it might have been from the diagnostics? There are only so many times you can get away with a reboot as a solution to a problem!
ASKER
Would have been preferable to try the clear options prior to the reload.
sh xlate
sh cry isa sa
sh cry ips sa