Solved

Traffic Not Being Passed Over Cisco ASA site to site VPN

Posted on 2010-11-08
7
3,001 Views
Last Modified: 2012-05-10
Hi,

Got a problem with an ASA not sending traffic back down a tunnel.

The tunnel comes up, I can see from the VPN monitor that traffic is received from the remote network. I can see from a PCAP that the ICMP packet is being received by the local ASA, sent to the host on the LAN , that the host is then replying and the ICMP reply is being received by the ASA on the inside interface.

Unfortunately I never see an encrypted packet leaving the ASA on the outside interface and no Tx on the VPN monitor.

I've checked Packet Tracer and the ASA expects the traffic to be tunnelled... really not sure why this has suddenly stopped working since Friday, it's unlikley that anybody has fiddled with the box. The relevant config is attached.

Any suggestions welcome!
name 10.10.0.0 RB_VLANS
!
access-list outside_1_cryptomap extended permit ip 10.0.0.0 255.255.0.0 RB_VLANS 255.255.0.0
!
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.0.0 RB_VLANS 255.255.0.0
!
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 10.0.0.0 255.255.0.0
!
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 82.109.x.x
crypto map outside_map 1 set transform-set ESP-3DES-SHA

aw-fw# sho ver

Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)

Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"

aw-fw up 32 days 22 hours

Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
 0: Int: Internal-Data0/0    : address is f866.f257.500e, irq 11
 1: Ext: Ethernet0/0         : address is f866.f257.5006, irq 255
 2: Ext: Ethernet0/1         : address is f866.f257.5007, irq 255
 3: Ext: Ethernet0/2         : address is f866.f257.5008, irq 255
 4: Ext: Ethernet0/3         : address is f866.f257.5009, irq 255
 5: Ext: Ethernet0/4         : address is f866.f257.500a, irq 255
 6: Ext: Ethernet0/5         : address is f866.f257.500b, irq 255
 7: Ext: Ethernet0/6         : address is f866.f257.500c, irq 255
 8: Ext: Ethernet0/7         : address is f866.f257.500d, irq 255
 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255

Licensed features for this platform:
Maximum Physical Interfaces  : 8
VLANs                        : 3, DMZ Restricted
Inside Hosts                 : 50
Failover                     : Disabled
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
SSL VPN Peers                : 2
Total VPN Peers              : 10
Dual ISPs                    : Disabled
VLAN Trunk Ports             : 0
Shared License               : Disabled
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials        : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions      : 2
Total UC Proxy Sessions      : 2
Botnet Traffic Filter        : Disabled

This platform has a Base license.

Open in new window

0
Comment
Question by:TSG_Users
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34085295
please provide us:

sh xlate
sh cry isa sa
sh cry ips sa
0
 
LVL 1

Author Comment

by:TSG_Users
ID: 34085410
The host on the LAN that is being Pinged is 10.0.0.101.

aw-fw#    sho cry ips sa
interface: outside
    Crypto map tag: outside_map, seq num: 1, local addr: 194.217.0.66

      access-list outside_1_cryptomap permit ip 10.0.0.0 255.255.0.0 RB_VLANS 255.255.0.0
      local ident (addr/mask/prot/port): (10.0.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (RB_VLANS/255.255.0.0/0/0)
      current_peer: 82.109.166.226

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 140, #pkts decrypt: 140, #pkts verify: 140
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 194.217.0.66, remote crypto endpt.: 82.109.166.226

      path mtu 1500, ipsec overhead 58, media mtu 1500
      current outbound spi: F2E3D698

    inbound esp sas:
      spi: 0x89504FB4 (2303741876)
         transform: esp-3des esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 2654208, crypto-map: outside_map
         sa timing: remaining key lifetime (kB/sec): (4373986/26514)
         IV size: 8 bytes
         replay detection support: Y
         Anti replay bitmap:
          0xFFFFFFFF 0xFFFFFFFF
    outbound esp sas:
      spi: 0xF2E3D698 (4075017880)
         transform: esp-3des esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 2654208, crypto-map: outside_map
         sa timing: remaining key lifetime (kB/sec): (4374000/26514)
         IV size: 8 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001

aw-fw#    sho cry isa sa

   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer: 82.109.166.226
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE


aw-fw# sho xlate
209 in use, 1483 most used
Global 194.217.0.67 Local 10.0.0.4
Global 194.217.0.68 Local w2k-email
Global 194.217.0.69 Local adserv
PAT Global 194.217.0.66(34974) Local 10.0.0.23(1617)
PAT Global 194.217.0.66(20935) Local 10.0.0.23(1616)
PAT Global 194.217.0.66(54447) Local 10.0.0.23(1615)
PAT Global 194.217.0.66(33374) Local 10.0.0.88(2965)
PAT Global 194.217.0.66(19454) Local 10.0.0.71(63068)
PAT Global 194.217.0.66(41325) Local 10.0.0.71(63067)
PAT Global 194.217.0.66(31478) Local 10.0.0.71(63066)
PAT Global 194.217.0.66(44671) Local 10.0.0.71(63065)
PAT Global 194.217.0.66(10868) Local 10.0.0.71(63060)
PAT Global 194.217.0.66(6922) Local 10.0.0.71(63057)
PAT Global 194.217.0.66(2422) Local 10.0.0.71(62908)
PAT Global 194.217.0.66(27573) Local 10.0.0.71(63577)
PAT Global 194.217.0.66(59585) Local 10.0.0.103(4316)
PAT Global 194.217.0.66(32769) Local 10.0.0.103(4315)
PAT Global 194.217.0.66(53510) Local 10.0.0.103(4314)
PAT Global 194.217.0.66(2586) Local 10.0.0.103(2355)
PAT Global 194.217.0.66(52288) Local 10.0.0.103(1797)
PAT Global 194.217.0.66(24779) Local 10.0.0.6(56694)
PAT Global 194.217.0.66(58593) Local 10.0.0.6(54740)
PAT Global 194.217.0.66(49099) Local 10.0.0.6(55945)
PAT Global 194.217.0.66(1037) Local 10.0.0.6(61810)
PAT Global 194.217.0.66(22220) Local 10.0.0.6(49186)
PAT Global 194.217.0.66(28470) Local 10.0.0.6(59096)
PAT Global 194.217.0.66(7035) Local 10.0.0.75(1300)
PAT Global 194.217.0.66(55983) Local 10.0.0.75(1299)
PAT Global 194.217.0.66(48787) Local 10.0.0.75(1298)
PAT Global 194.217.0.66(34262) Local 10.0.0.75(1297)
PAT Global 194.217.0.66(37444) Local 10.0.0.75(1293)
PAT Global 194.217.0.66(58695) Local 10.0.0.75(1284)
PAT Global 194.217.0.66(12669) Local 10.0.0.75(1280)
PAT Global 194.217.0.66(54641) Local 10.0.0.75(1179)
PAT Global 194.217.0.66(7703) Local 10.0.0.75(1145)
PAT Global 194.217.0.66(3454) Local 10.0.0.75(1122)
PAT Global 194.217.0.66(48675) Local 10.0.0.75(4466)
PAT Global 194.217.0.66(34648) Local 10.0.0.75(4439)
PAT Global 194.217.0.66(42847) Local 10.0.0.75(4383)
PAT Global 194.217.0.66(6977) Local 10.0.0.75(4319)
PAT Global 194.217.0.66(45791) Local 10.0.0.75(4311)
PAT Global 194.217.0.66(49032) Local 10.0.0.75(4118)
PAT Global 194.217.0.66(25535) Local 10.0.0.75(4096)
PAT Global 194.217.0.66(33836) Local 10.0.0.75(4080)
PAT Global 194.217.0.66(31185) Local 10.0.0.75(3852)
PAT Global 194.217.0.66(3914) Local 10.0.0.75(3738)
PAT Global 194.217.0.66(14501) Local 10.0.0.75(3737)
PAT Global 194.217.0.66(65476) Local 10.0.0.75(3600)
PAT Global 194.217.0.66(36477) Local 10.0.0.75(3309)
PAT Global 194.217.0.66(37942) Local 10.0.0.75(3246)
PAT Global 194.217.0.66(18374) Local 10.0.0.75(3158)
PAT Global 194.217.0.66(47583) Local 10.0.0.75(3060)
PAT Global 194.217.0.66(47718) Local 10.0.0.75(2940)
PAT Global 194.217.0.66(57889) Local 10.0.0.75(2818)
PAT Global 194.217.0.66(29141) Local 10.0.0.75(2713)
PAT Global 194.217.0.66(40699) Local 10.0.0.75(2434)
PAT Global 194.217.0.66(29108) Local 10.0.0.75(1486)
PAT Global 194.217.0.66(11099) Local 10.0.0.75(1210)
PAT Global 194.217.0.66(55505) Local 10.0.0.62(50888)
PAT Global 194.217.0.66(20386) Local 10.0.0.78(3265)
PAT Global 194.217.0.66(5351) Local 10.0.0.97(60121)
PAT Global 194.217.0.66(31941) Local 10.0.0.97(60120)
PAT Global 194.217.0.66(32841) Local 10.0.0.97(60119)
PAT Global 194.217.0.66(46351) Local 10.0.0.97(60118)
PAT Global 194.217.0.66(8069) Local 10.0.0.97(60117)
PAT Global 194.217.0.66(12745) Local 10.0.0.97(60106)
PAT Global 194.217.0.66(44168) Local 10.0.0.97(60012)
PAT Global 194.217.0.66(33062) Local 10.0.0.97(60002)
PAT Global 194.217.0.66(44264) Local 10.0.0.97(60001)
PAT Global 194.217.0.66(11649) Local 10.0.0.97(59973)
PAT Global 194.217.0.66(1354) Local 10.0.0.97(59941)
PAT Global 194.217.0.66(42728) Local 10.0.0.97(59920)
PAT Global 194.217.0.66(4030) Local 10.0.0.97(59890)
PAT Global 194.217.0.66(38522) Local 10.0.0.97(59881)
PAT Global 194.217.0.66(19994) Local 10.0.0.97(59877)
PAT Global 194.217.0.66(54508) Local 10.0.0.97(59875)
PAT Global 194.217.0.66(44121) Local 10.0.0.97(59866)
PAT Global 194.217.0.66(14061) Local 10.0.0.97(59821)
PAT Global 194.217.0.66(61194) Local 10.0.0.97(59623)
PAT Global 194.217.0.66(31989) Local 10.0.0.97(59619)
PAT Global 194.217.0.66(20478) Local 10.0.0.97(59595)
PAT Global 194.217.0.66(47814) Local 10.0.0.97(59585)
PAT Global 194.217.0.66(15640) Local 10.0.0.97(59581)
PAT Global 194.217.0.66(49354) Local 10.0.0.97(59571)
PAT Global 194.217.0.66(2610) Local 10.0.0.97(59467)
PAT Global 194.217.0.66(13248) Local 10.0.0.97(59451)
PAT Global 194.217.0.66(37677) Local 10.0.0.97(59447)
PAT Global 194.217.0.66(6994) Local 10.0.0.97(59439)
PAT Global 194.217.0.66(31806) Local 10.0.0.97(59177)
PAT Global 194.217.0.66(14287) Local 10.0.0.97(59025)
PAT Global 194.217.0.66(26172) Local 10.0.0.97(58989)
PAT Global 194.217.0.66(19192) Local 10.0.0.97(58979)
PAT Global 194.217.0.66(2551) Local 10.0.0.97(58810)
PAT Global 194.217.0.66(30726) Local 10.0.0.97(58805)
PAT Global 194.217.0.66(53987) Local 10.0.0.97(58802)
PAT Global 194.217.0.66(26672) Local 10.0.0.97(58679)
PAT Global 194.217.0.66(20768) Local 10.0.0.97(58660)
PAT Global 194.217.0.66(54689) Local 10.0.0.97(58654)
PAT Global 194.217.0.66(55335) Local 10.0.0.97(58631)
PAT Global 194.217.0.66(14449) Local 10.0.0.97(58614)
PAT Global 194.217.0.66(18964) Local 10.0.0.97(58606)
PAT Global 194.217.0.66(31252) Local 10.0.0.97(58478)
PAT Global 194.217.0.66(15200) Local 10.0.0.97(57656)
PAT Global 194.217.0.66(47262) Local 10.0.0.97(57654)
PAT Global 194.217.0.66(53356) Local 10.0.0.97(55812)
PAT Global 194.217.0.66(17920) Local 10.0.0.102(3178)
PAT Global 194.217.0.66(16893) Local 10.0.0.107(4676)
PAT Global 194.217.0.66(5577) Local 10.0.0.107(4675)
PAT Global 194.217.0.66(48523) Local 10.0.0.107(4674)
PAT Global 194.217.0.66(7495) Local 10.0.0.107(4551)
PAT Global 194.217.0.66(36022) Local 10.0.0.107(4548)
PAT Global 194.217.0.66(3086) Local 10.0.0.107(1056)
PAT Global 194.217.0.66(44110) Local 10.0.0.99(4600)
PAT Global 194.217.0.66(34514) Local 10.0.0.99(4492)
PAT Global 194.217.0.66(13998) Local 10.0.0.99(4487)
PAT Global 194.217.0.66(35170) Local 10.0.0.99(4469)
PAT Global 194.217.0.66(12037) Local 10.0.0.99(4409)
PAT Global 194.217.0.66(6826) Local 10.0.0.99(4402)
PAT Global 194.217.0.66(46166) Local 10.0.0.99(4146)
PAT Global 194.217.0.66(2893) Local 10.0.0.99(4113)
PAT Global 194.217.0.66(48980) Local 10.0.0.99(3876)
PAT Global 194.217.0.66(37882) Local 10.0.0.99(3867)
PAT Global 194.217.0.66(61023) Local 10.0.0.99(3220)
PAT Global 194.217.0.66(63565) Local 10.0.0.99(1057)
PAT Global 194.217.0.66(6397) Local 10.0.0.99(1047)
PAT Global 194.217.0.66(27222) Local 10.0.0.83(2079)
PAT Global 194.217.0.66(60576) Local 10.0.0.65(54153)
PAT Global 194.217.0.66(45338) Local 10.0.0.65(54135)
PAT Global 194.217.0.66(29427) Local 10.0.0.65(49161)
PAT Global 194.217.0.66(28521) Local 10.0.0.93(1918)
PAT Global 194.217.0.66(42687) Local 10.0.0.93(1917)
PAT Global 194.217.0.66(31517) Local 10.0.0.93(1913)
PAT Global 194.217.0.66(57228) Local 10.0.0.93(1902)
PAT Global 194.217.0.66(43896) Local 10.0.0.93(1899)
PAT Global 194.217.0.66(34386) Local 10.0.0.93(1896)
PAT Global 194.217.0.66(26210) Local 10.0.0.93(1886)
PAT Global 194.217.0.66(7227) Local 10.0.0.93(1877)
PAT Global 194.217.0.66(6464) Local 10.0.0.93(1872)
PAT Global 194.217.0.66(8948) Local 10.0.0.93(1870)
PAT Global 194.217.0.66(32850) Local 10.0.0.93(1861)
PAT Global 194.217.0.66(36944) Local 10.0.0.93(1860)
PAT Global 194.217.0.66(17017) Local 10.0.0.93(1857)
PAT Global 194.217.0.66(39884) Local 10.0.0.93(1856)
PAT Global 194.217.0.66(58525) Local 10.0.0.93(1853)
PAT Global 194.217.0.66(20255) Local 10.0.0.93(1836)
PAT Global 194.217.0.66(13440) Local 10.0.0.93(1821)
PAT Global 194.217.0.66(12608) Local 10.0.0.93(1810)
PAT Global 194.217.0.66(10515) Local 10.0.0.93(1797)
PAT Global 194.217.0.66(44979) Local 10.0.0.93(1793)
PAT Global 194.217.0.66(61675) Local 10.0.0.93(1782)
PAT Global 194.217.0.66(22402) Local 10.0.0.93(1772)
PAT Global 194.217.0.66(10389) Local 10.0.0.93(1770)
PAT Global 194.217.0.66(64436) Local 10.0.0.93(1742)
PAT Global 194.217.0.66(2030) Local 10.0.0.93(1740)
PAT Global 194.217.0.66(20028) Local 10.0.0.93(1731)
PAT Global 194.217.0.66(54087) Local 10.0.0.93(1704)
PAT Global 194.217.0.66(42108) Local 10.0.0.93(1692)
PAT Global 194.217.0.66(57145) Local 10.0.0.93(1690)
PAT Global 194.217.0.66(48345) Local 10.0.0.93(1672)
PAT Global 194.217.0.66(5750) Local 10.0.0.93(1650)
PAT Global 194.217.0.66(41182) Local 10.0.0.93(1621)
PAT Global 194.217.0.66(45703) Local 10.0.0.93(1592)
PAT Global 194.217.0.66(38412) Local 10.0.0.93(1551)
PAT Global 194.217.0.66(47589) Local 10.0.0.93(1543)
PAT Global 194.217.0.66(13048) Local 10.0.0.93(1518)
PAT Global 194.217.0.66(19562) Local 10.0.0.93(1479)
PAT Global 194.217.0.66(31918) Local 10.0.0.93(1407)
PAT Global 194.217.0.66(3975) Local 10.0.0.93(1395)
PAT Global 194.217.0.66(31005) Local 10.0.0.93(1335)
PAT Global 194.217.0.66(13211) Local 10.0.0.93(1317)
PAT Global 194.217.0.66(9709) Local 10.0.0.93(1081)
PAT Global 194.217.0.66(11757) Local 10.0.0.93(4918)
PAT Global 194.217.0.66(48833) Local 10.0.0.93(4904)
PAT Global 194.217.0.66(14497) Local 10.0.0.93(4836)
PAT Global 194.217.0.66(19869) Local 10.0.0.93(4764)
PAT Global 194.217.0.66(48358) Local 10.0.0.93(4684)
PAT Global 194.217.0.66(20182) Local 10.0.0.93(4644)
PAT Global 194.217.0.66(34515) Local 10.0.0.93(4562)
PAT Global 194.217.0.66(63434) Local 10.0.0.93(3152)
PAT Global 194.217.0.66(11650) Local 10.0.0.93(2273)
PAT Global 194.217.0.66(60843) Local 10.0.0.93(1133)
PAT Global 194.217.0.66(5475) Local 10.0.0.93(1038)
PAT Global 194.217.0.66(8863) Local 10.0.0.95(1417)
PAT Global 194.217.0.66(11752) Local 10.0.0.94(49162)
PAT Global 194.217.0.66(24096) Local 10.0.0.106(3960)
PAT Global 194.217.0.66(8777) Local 10.0.0.106(3892)
PAT Global 194.217.0.66(22367) Local 10.0.0.106(3743)
PAT Global 194.217.0.66(64962) Local 10.0.0.106(3674)
PAT Global 194.217.0.66(58063) Local 10.0.0.106(2642)
PAT Global 194.217.0.66(55726) Local 10.0.0.106(4275)
PAT Global 194.217.0.66(52543) Local 10.0.0.70(50431)
PAT Global 194.217.0.66(17382) Local 10.0.0.70(49326)
PAT Global 194.217.0.66(21855) Local 10.0.0.101(64483)
PAT Global 194.217.0.66(57807) Local 10.0.0.101(50871)
PAT Global 194.217.0.66(47775) Local 10.0.0.101(60735)
PAT Global 194.217.0.66(32558) Local 10.0.0.101(61652)
PAT Global 194.217.0.66(39364) Local 10.0.0.101(65494)
PAT Global 194.217.0.66(28086) Local 10.0.0.101(50954)
PAT Global 194.217.0.66(27311) Local 10.0.0.101(60845)
PAT Global 194.217.0.66(3164) Local 10.0.0.101(61811)
PAT Global 194.217.0.66(5950) Local 10.0.0.101(49455)
PAT Global 194.217.0.66(55360) Local 10.0.0.101(65026)
PAT Global 194.217.0.66(13893) Local 10.0.0.101(50622)
PAT Global 194.217.0.66(43981) Local 10.0.0.101(49776)
PAT Global 194.217.0.66(44366) Local 10.0.0.101(63751)
PAT Global 194.217.0.66(10635) Local 10.0.0.101(64499)
PAT Global 194.217.0.66(47150) Local 10.0.0.101(51722)
PAT Global 194.217.0.66(55511) Local 10.0.0.101(2703)
aw-fw#

0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 250 total points
ID: 34086439
it seems there is nonat problem, or the client on ASA site not able to reach the asa....

Did you reloaded the asa?
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 9

Expert Comment

by:gavving
ID: 34087309
What do you have for "route" statements in the ASA?  Do you have any statements for the 10.10.0.0/16 subnet?  Or any statements that would include that subnet?  Ensure that the ASA knows to route the 10.10.0.0/16 subnet out the outside interface.  If you don't have any other static routes, then a default gateway will take care of this.  But sometimes a 10.0.0.0/8 route gets added and pointed to an internal device.  That would cause this behavior.

0
 
LVL 1

Author Comment

by:TSG_Users
ID: 34088669
I've had a chance to reload it now and it appears to have fixed it I can now ping both ways

aw-fw(config)# sho cry ips sa

      #pkts encaps: 3, #pkts encrypt: 3, #pkts digest: 3
      #pkts decaps: 3, #pkts decrypt: 3, #pkts verify: 3
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 3, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

There was nothing wrong with the configuration - any thoughts on what it might have been from the diagnostics? There is only some many times you can get away with a reboot as a solution to a problem!
0
 
LVL 9

Accepted Solution

by:
gavving earned 250 total points
ID: 34088718
It could have been a few things.  It could be an xlate table problem, or a problem with the IPsec tunnel.   I would try these commands first before rebooting as they should clear out any of those types of issues.

clear crypto isakmp sa
clear crypto ipsec sa
clear xlate

Note the clear xlate might disconnect active TCP sessions and force them to be reconnected.

Glad its working though.
0
 
LVL 1

Author Closing Comment

by:TSG_Users
ID: 34094831
Would have been preferable to try the clear options prior to the reload.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question