?
Solved

Traffic Not Being Passed Over Cisco ASA site to site VPN

Posted on 2010-11-08
7
Medium Priority
?
3,276 Views
Last Modified: 2012-05-10
Hi,

Got a problem with an ASA not sending traffic back down a tunnel.

The tunnel comes up, I can see from the VPN monitor that traffic is received from the remote network. I can see from a PCAP that the ICMP packet is being received by the local ASA, sent to the host on the LAN , that the host is then replying and the ICMP reply is being received by the ASA on the inside interface.

Unfortunately I never see an encrypted packet leaving the ASA on the outside interface and no Tx on the VPN monitor.

I've checked Packet Tracer and the ASA expects the traffic to be tunnelled... really not sure why this has suddenly stopped working since Friday, it's unlikley that anybody has fiddled with the box. The relevant config is attached.

Any suggestions welcome!
name 10.10.0.0 RB_VLANS
!
access-list outside_1_cryptomap extended permit ip 10.0.0.0 255.255.0.0 RB_VLANS 255.255.0.0
!
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.0.0 RB_VLANS 255.255.0.0
!
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 10.0.0.0 255.255.0.0
!
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 82.109.x.x
crypto map outside_map 1 set transform-set ESP-3DES-SHA

aw-fw# sho ver

Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)

Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"

aw-fw up 32 days 22 hours

Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
 0: Int: Internal-Data0/0    : address is f866.f257.500e, irq 11
 1: Ext: Ethernet0/0         : address is f866.f257.5006, irq 255
 2: Ext: Ethernet0/1         : address is f866.f257.5007, irq 255
 3: Ext: Ethernet0/2         : address is f866.f257.5008, irq 255
 4: Ext: Ethernet0/3         : address is f866.f257.5009, irq 255
 5: Ext: Ethernet0/4         : address is f866.f257.500a, irq 255
 6: Ext: Ethernet0/5         : address is f866.f257.500b, irq 255
 7: Ext: Ethernet0/6         : address is f866.f257.500c, irq 255
 8: Ext: Ethernet0/7         : address is f866.f257.500d, irq 255
 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255

Licensed features for this platform:
Maximum Physical Interfaces  : 8
VLANs                        : 3, DMZ Restricted
Inside Hosts                 : 50
Failover                     : Disabled
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
SSL VPN Peers                : 2
Total VPN Peers              : 10
Dual ISPs                    : Disabled
VLAN Trunk Ports             : 0
Shared License               : Disabled
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials        : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions      : 2
Total UC Proxy Sessions      : 2
Botnet Traffic Filter        : Disabled

This platform has a Base license.

Open in new window

0
Comment
Question by:TSG_Users
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34085295
please provide us:

sh xlate
sh cry isa sa
sh cry ips sa
0
 
LVL 1

Author Comment

by:TSG_Users
ID: 34085410
The host on the LAN that is being Pinged is 10.0.0.101.

aw-fw#    sho cry ips sa
interface: outside
    Crypto map tag: outside_map, seq num: 1, local addr: 194.217.0.66

      access-list outside_1_cryptomap permit ip 10.0.0.0 255.255.0.0 RB_VLANS 255.255.0.0
      local ident (addr/mask/prot/port): (10.0.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (RB_VLANS/255.255.0.0/0/0)
      current_peer: 82.109.166.226

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 140, #pkts decrypt: 140, #pkts verify: 140
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 194.217.0.66, remote crypto endpt.: 82.109.166.226

      path mtu 1500, ipsec overhead 58, media mtu 1500
      current outbound spi: F2E3D698

    inbound esp sas:
      spi: 0x89504FB4 (2303741876)
         transform: esp-3des esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 2654208, crypto-map: outside_map
         sa timing: remaining key lifetime (kB/sec): (4373986/26514)
         IV size: 8 bytes
         replay detection support: Y
         Anti replay bitmap:
          0xFFFFFFFF 0xFFFFFFFF
    outbound esp sas:
      spi: 0xF2E3D698 (4075017880)
         transform: esp-3des esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 2654208, crypto-map: outside_map
         sa timing: remaining key lifetime (kB/sec): (4374000/26514)
         IV size: 8 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001

aw-fw#    sho cry isa sa

   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer: 82.109.166.226
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE


aw-fw# sho xlate
209 in use, 1483 most used
Global 194.217.0.67 Local 10.0.0.4
Global 194.217.0.68 Local w2k-email
Global 194.217.0.69 Local adserv
PAT Global 194.217.0.66(34974) Local 10.0.0.23(1617)
PAT Global 194.217.0.66(20935) Local 10.0.0.23(1616)
PAT Global 194.217.0.66(54447) Local 10.0.0.23(1615)
PAT Global 194.217.0.66(33374) Local 10.0.0.88(2965)
PAT Global 194.217.0.66(19454) Local 10.0.0.71(63068)
PAT Global 194.217.0.66(41325) Local 10.0.0.71(63067)
PAT Global 194.217.0.66(31478) Local 10.0.0.71(63066)
PAT Global 194.217.0.66(44671) Local 10.0.0.71(63065)
PAT Global 194.217.0.66(10868) Local 10.0.0.71(63060)
PAT Global 194.217.0.66(6922) Local 10.0.0.71(63057)
PAT Global 194.217.0.66(2422) Local 10.0.0.71(62908)
PAT Global 194.217.0.66(27573) Local 10.0.0.71(63577)
PAT Global 194.217.0.66(59585) Local 10.0.0.103(4316)
PAT Global 194.217.0.66(32769) Local 10.0.0.103(4315)
PAT Global 194.217.0.66(53510) Local 10.0.0.103(4314)
PAT Global 194.217.0.66(2586) Local 10.0.0.103(2355)
PAT Global 194.217.0.66(52288) Local 10.0.0.103(1797)
PAT Global 194.217.0.66(24779) Local 10.0.0.6(56694)
PAT Global 194.217.0.66(58593) Local 10.0.0.6(54740)
PAT Global 194.217.0.66(49099) Local 10.0.0.6(55945)
PAT Global 194.217.0.66(1037) Local 10.0.0.6(61810)
PAT Global 194.217.0.66(22220) Local 10.0.0.6(49186)
PAT Global 194.217.0.66(28470) Local 10.0.0.6(59096)
PAT Global 194.217.0.66(7035) Local 10.0.0.75(1300)
PAT Global 194.217.0.66(55983) Local 10.0.0.75(1299)
PAT Global 194.217.0.66(48787) Local 10.0.0.75(1298)
PAT Global 194.217.0.66(34262) Local 10.0.0.75(1297)
PAT Global 194.217.0.66(37444) Local 10.0.0.75(1293)
PAT Global 194.217.0.66(58695) Local 10.0.0.75(1284)
PAT Global 194.217.0.66(12669) Local 10.0.0.75(1280)
PAT Global 194.217.0.66(54641) Local 10.0.0.75(1179)
PAT Global 194.217.0.66(7703) Local 10.0.0.75(1145)
PAT Global 194.217.0.66(3454) Local 10.0.0.75(1122)
PAT Global 194.217.0.66(48675) Local 10.0.0.75(4466)
PAT Global 194.217.0.66(34648) Local 10.0.0.75(4439)
PAT Global 194.217.0.66(42847) Local 10.0.0.75(4383)
PAT Global 194.217.0.66(6977) Local 10.0.0.75(4319)
PAT Global 194.217.0.66(45791) Local 10.0.0.75(4311)
PAT Global 194.217.0.66(49032) Local 10.0.0.75(4118)
PAT Global 194.217.0.66(25535) Local 10.0.0.75(4096)
PAT Global 194.217.0.66(33836) Local 10.0.0.75(4080)
PAT Global 194.217.0.66(31185) Local 10.0.0.75(3852)
PAT Global 194.217.0.66(3914) Local 10.0.0.75(3738)
PAT Global 194.217.0.66(14501) Local 10.0.0.75(3737)
PAT Global 194.217.0.66(65476) Local 10.0.0.75(3600)
PAT Global 194.217.0.66(36477) Local 10.0.0.75(3309)
PAT Global 194.217.0.66(37942) Local 10.0.0.75(3246)
PAT Global 194.217.0.66(18374) Local 10.0.0.75(3158)
PAT Global 194.217.0.66(47583) Local 10.0.0.75(3060)
PAT Global 194.217.0.66(47718) Local 10.0.0.75(2940)
PAT Global 194.217.0.66(57889) Local 10.0.0.75(2818)
PAT Global 194.217.0.66(29141) Local 10.0.0.75(2713)
PAT Global 194.217.0.66(40699) Local 10.0.0.75(2434)
PAT Global 194.217.0.66(29108) Local 10.0.0.75(1486)
PAT Global 194.217.0.66(11099) Local 10.0.0.75(1210)
PAT Global 194.217.0.66(55505) Local 10.0.0.62(50888)
PAT Global 194.217.0.66(20386) Local 10.0.0.78(3265)
PAT Global 194.217.0.66(5351) Local 10.0.0.97(60121)
PAT Global 194.217.0.66(31941) Local 10.0.0.97(60120)
PAT Global 194.217.0.66(32841) Local 10.0.0.97(60119)
PAT Global 194.217.0.66(46351) Local 10.0.0.97(60118)
PAT Global 194.217.0.66(8069) Local 10.0.0.97(60117)
PAT Global 194.217.0.66(12745) Local 10.0.0.97(60106)
PAT Global 194.217.0.66(44168) Local 10.0.0.97(60012)
PAT Global 194.217.0.66(33062) Local 10.0.0.97(60002)
PAT Global 194.217.0.66(44264) Local 10.0.0.97(60001)
PAT Global 194.217.0.66(11649) Local 10.0.0.97(59973)
PAT Global 194.217.0.66(1354) Local 10.0.0.97(59941)
PAT Global 194.217.0.66(42728) Local 10.0.0.97(59920)
PAT Global 194.217.0.66(4030) Local 10.0.0.97(59890)
PAT Global 194.217.0.66(38522) Local 10.0.0.97(59881)
PAT Global 194.217.0.66(19994) Local 10.0.0.97(59877)
PAT Global 194.217.0.66(54508) Local 10.0.0.97(59875)
PAT Global 194.217.0.66(44121) Local 10.0.0.97(59866)
PAT Global 194.217.0.66(14061) Local 10.0.0.97(59821)
PAT Global 194.217.0.66(61194) Local 10.0.0.97(59623)
PAT Global 194.217.0.66(31989) Local 10.0.0.97(59619)
PAT Global 194.217.0.66(20478) Local 10.0.0.97(59595)
PAT Global 194.217.0.66(47814) Local 10.0.0.97(59585)
PAT Global 194.217.0.66(15640) Local 10.0.0.97(59581)
PAT Global 194.217.0.66(49354) Local 10.0.0.97(59571)
PAT Global 194.217.0.66(2610) Local 10.0.0.97(59467)
PAT Global 194.217.0.66(13248) Local 10.0.0.97(59451)
PAT Global 194.217.0.66(37677) Local 10.0.0.97(59447)
PAT Global 194.217.0.66(6994) Local 10.0.0.97(59439)
PAT Global 194.217.0.66(31806) Local 10.0.0.97(59177)
PAT Global 194.217.0.66(14287) Local 10.0.0.97(59025)
PAT Global 194.217.0.66(26172) Local 10.0.0.97(58989)
PAT Global 194.217.0.66(19192) Local 10.0.0.97(58979)
PAT Global 194.217.0.66(2551) Local 10.0.0.97(58810)
PAT Global 194.217.0.66(30726) Local 10.0.0.97(58805)
PAT Global 194.217.0.66(53987) Local 10.0.0.97(58802)
PAT Global 194.217.0.66(26672) Local 10.0.0.97(58679)
PAT Global 194.217.0.66(20768) Local 10.0.0.97(58660)
PAT Global 194.217.0.66(54689) Local 10.0.0.97(58654)
PAT Global 194.217.0.66(55335) Local 10.0.0.97(58631)
PAT Global 194.217.0.66(14449) Local 10.0.0.97(58614)
PAT Global 194.217.0.66(18964) Local 10.0.0.97(58606)
PAT Global 194.217.0.66(31252) Local 10.0.0.97(58478)
PAT Global 194.217.0.66(15200) Local 10.0.0.97(57656)
PAT Global 194.217.0.66(47262) Local 10.0.0.97(57654)
PAT Global 194.217.0.66(53356) Local 10.0.0.97(55812)
PAT Global 194.217.0.66(17920) Local 10.0.0.102(3178)
PAT Global 194.217.0.66(16893) Local 10.0.0.107(4676)
PAT Global 194.217.0.66(5577) Local 10.0.0.107(4675)
PAT Global 194.217.0.66(48523) Local 10.0.0.107(4674)
PAT Global 194.217.0.66(7495) Local 10.0.0.107(4551)
PAT Global 194.217.0.66(36022) Local 10.0.0.107(4548)
PAT Global 194.217.0.66(3086) Local 10.0.0.107(1056)
PAT Global 194.217.0.66(44110) Local 10.0.0.99(4600)
PAT Global 194.217.0.66(34514) Local 10.0.0.99(4492)
PAT Global 194.217.0.66(13998) Local 10.0.0.99(4487)
PAT Global 194.217.0.66(35170) Local 10.0.0.99(4469)
PAT Global 194.217.0.66(12037) Local 10.0.0.99(4409)
PAT Global 194.217.0.66(6826) Local 10.0.0.99(4402)
PAT Global 194.217.0.66(46166) Local 10.0.0.99(4146)
PAT Global 194.217.0.66(2893) Local 10.0.0.99(4113)
PAT Global 194.217.0.66(48980) Local 10.0.0.99(3876)
PAT Global 194.217.0.66(37882) Local 10.0.0.99(3867)
PAT Global 194.217.0.66(61023) Local 10.0.0.99(3220)
PAT Global 194.217.0.66(63565) Local 10.0.0.99(1057)
PAT Global 194.217.0.66(6397) Local 10.0.0.99(1047)
PAT Global 194.217.0.66(27222) Local 10.0.0.83(2079)
PAT Global 194.217.0.66(60576) Local 10.0.0.65(54153)
PAT Global 194.217.0.66(45338) Local 10.0.0.65(54135)
PAT Global 194.217.0.66(29427) Local 10.0.0.65(49161)
PAT Global 194.217.0.66(28521) Local 10.0.0.93(1918)
PAT Global 194.217.0.66(42687) Local 10.0.0.93(1917)
PAT Global 194.217.0.66(31517) Local 10.0.0.93(1913)
PAT Global 194.217.0.66(57228) Local 10.0.0.93(1902)
PAT Global 194.217.0.66(43896) Local 10.0.0.93(1899)
PAT Global 194.217.0.66(34386) Local 10.0.0.93(1896)
PAT Global 194.217.0.66(26210) Local 10.0.0.93(1886)
PAT Global 194.217.0.66(7227) Local 10.0.0.93(1877)
PAT Global 194.217.0.66(6464) Local 10.0.0.93(1872)
PAT Global 194.217.0.66(8948) Local 10.0.0.93(1870)
PAT Global 194.217.0.66(32850) Local 10.0.0.93(1861)
PAT Global 194.217.0.66(36944) Local 10.0.0.93(1860)
PAT Global 194.217.0.66(17017) Local 10.0.0.93(1857)
PAT Global 194.217.0.66(39884) Local 10.0.0.93(1856)
PAT Global 194.217.0.66(58525) Local 10.0.0.93(1853)
PAT Global 194.217.0.66(20255) Local 10.0.0.93(1836)
PAT Global 194.217.0.66(13440) Local 10.0.0.93(1821)
PAT Global 194.217.0.66(12608) Local 10.0.0.93(1810)
PAT Global 194.217.0.66(10515) Local 10.0.0.93(1797)
PAT Global 194.217.0.66(44979) Local 10.0.0.93(1793)
PAT Global 194.217.0.66(61675) Local 10.0.0.93(1782)
PAT Global 194.217.0.66(22402) Local 10.0.0.93(1772)
PAT Global 194.217.0.66(10389) Local 10.0.0.93(1770)
PAT Global 194.217.0.66(64436) Local 10.0.0.93(1742)
PAT Global 194.217.0.66(2030) Local 10.0.0.93(1740)
PAT Global 194.217.0.66(20028) Local 10.0.0.93(1731)
PAT Global 194.217.0.66(54087) Local 10.0.0.93(1704)
PAT Global 194.217.0.66(42108) Local 10.0.0.93(1692)
PAT Global 194.217.0.66(57145) Local 10.0.0.93(1690)
PAT Global 194.217.0.66(48345) Local 10.0.0.93(1672)
PAT Global 194.217.0.66(5750) Local 10.0.0.93(1650)
PAT Global 194.217.0.66(41182) Local 10.0.0.93(1621)
PAT Global 194.217.0.66(45703) Local 10.0.0.93(1592)
PAT Global 194.217.0.66(38412) Local 10.0.0.93(1551)
PAT Global 194.217.0.66(47589) Local 10.0.0.93(1543)
PAT Global 194.217.0.66(13048) Local 10.0.0.93(1518)
PAT Global 194.217.0.66(19562) Local 10.0.0.93(1479)
PAT Global 194.217.0.66(31918) Local 10.0.0.93(1407)
PAT Global 194.217.0.66(3975) Local 10.0.0.93(1395)
PAT Global 194.217.0.66(31005) Local 10.0.0.93(1335)
PAT Global 194.217.0.66(13211) Local 10.0.0.93(1317)
PAT Global 194.217.0.66(9709) Local 10.0.0.93(1081)
PAT Global 194.217.0.66(11757) Local 10.0.0.93(4918)
PAT Global 194.217.0.66(48833) Local 10.0.0.93(4904)
PAT Global 194.217.0.66(14497) Local 10.0.0.93(4836)
PAT Global 194.217.0.66(19869) Local 10.0.0.93(4764)
PAT Global 194.217.0.66(48358) Local 10.0.0.93(4684)
PAT Global 194.217.0.66(20182) Local 10.0.0.93(4644)
PAT Global 194.217.0.66(34515) Local 10.0.0.93(4562)
PAT Global 194.217.0.66(63434) Local 10.0.0.93(3152)
PAT Global 194.217.0.66(11650) Local 10.0.0.93(2273)
PAT Global 194.217.0.66(60843) Local 10.0.0.93(1133)
PAT Global 194.217.0.66(5475) Local 10.0.0.93(1038)
PAT Global 194.217.0.66(8863) Local 10.0.0.95(1417)
PAT Global 194.217.0.66(11752) Local 10.0.0.94(49162)
PAT Global 194.217.0.66(24096) Local 10.0.0.106(3960)
PAT Global 194.217.0.66(8777) Local 10.0.0.106(3892)
PAT Global 194.217.0.66(22367) Local 10.0.0.106(3743)
PAT Global 194.217.0.66(64962) Local 10.0.0.106(3674)
PAT Global 194.217.0.66(58063) Local 10.0.0.106(2642)
PAT Global 194.217.0.66(55726) Local 10.0.0.106(4275)
PAT Global 194.217.0.66(52543) Local 10.0.0.70(50431)
PAT Global 194.217.0.66(17382) Local 10.0.0.70(49326)
PAT Global 194.217.0.66(21855) Local 10.0.0.101(64483)
PAT Global 194.217.0.66(57807) Local 10.0.0.101(50871)
PAT Global 194.217.0.66(47775) Local 10.0.0.101(60735)
PAT Global 194.217.0.66(32558) Local 10.0.0.101(61652)
PAT Global 194.217.0.66(39364) Local 10.0.0.101(65494)
PAT Global 194.217.0.66(28086) Local 10.0.0.101(50954)
PAT Global 194.217.0.66(27311) Local 10.0.0.101(60845)
PAT Global 194.217.0.66(3164) Local 10.0.0.101(61811)
PAT Global 194.217.0.66(5950) Local 10.0.0.101(49455)
PAT Global 194.217.0.66(55360) Local 10.0.0.101(65026)
PAT Global 194.217.0.66(13893) Local 10.0.0.101(50622)
PAT Global 194.217.0.66(43981) Local 10.0.0.101(49776)
PAT Global 194.217.0.66(44366) Local 10.0.0.101(63751)
PAT Global 194.217.0.66(10635) Local 10.0.0.101(64499)
PAT Global 194.217.0.66(47150) Local 10.0.0.101(51722)
PAT Global 194.217.0.66(55511) Local 10.0.0.101(2703)
aw-fw#

0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 750 total points
ID: 34086439
it seems there is nonat problem, or the client on ASA site not able to reach the asa....

Did you reloaded the asa?
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 9

Expert Comment

by:gavving
ID: 34087309
What do you have for "route" statements in the ASA?  Do you have any statements for the 10.10.0.0/16 subnet?  Or any statements that would include that subnet?  Ensure that the ASA knows to route the 10.10.0.0/16 subnet out the outside interface.  If you don't have any other static routes, then a default gateway will take care of this.  But sometimes a 10.0.0.0/8 route gets added and pointed to an internal device.  That would cause this behavior.

0
 
LVL 1

Author Comment

by:TSG_Users
ID: 34088669
I've had a chance to reload it now and it appears to have fixed it I can now ping both ways

aw-fw(config)# sho cry ips sa

      #pkts encaps: 3, #pkts encrypt: 3, #pkts digest: 3
      #pkts decaps: 3, #pkts decrypt: 3, #pkts verify: 3
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 3, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

There was nothing wrong with the configuration - any thoughts on what it might have been from the diagnostics? There is only some many times you can get away with a reboot as a solution to a problem!
0
 
LVL 9

Accepted Solution

by:
gavving earned 750 total points
ID: 34088718
It could have been a few things.  It could be an xlate table problem, or a problem with the IPsec tunnel.   I would try these commands first before rebooting as they should clear out any of those types of issues.

clear crypto isakmp sa
clear crypto ipsec sa
clear xlate

Note the clear xlate might disconnect active TCP sessions and force them to be reconnected.

Glad its working though.
0
 
LVL 1

Author Closing Comment

by:TSG_Users
ID: 34094831
Would have been preferable to try the clear options prior to the reload.
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
Considering cloud tradeoffs and determining the right mix for your organization.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question