Solved

Traffic Not Being Passed Over Cisco ASA site to site VPN

Posted on 2010-11-08
7
2,598 Views
Last Modified: 2012-05-10
Hi,

Got a problem with an ASA not sending traffic back down a tunnel.

The tunnel comes up, I can see from the VPN monitor that traffic is received from the remote network. I can see from a PCAP that the ICMP packet is being received by the local ASA, sent to the host on the LAN , that the host is then replying and the ICMP reply is being received by the ASA on the inside interface.

Unfortunately I never see an encrypted packet leaving the ASA on the outside interface and no Tx on the VPN monitor.

I've checked Packet Tracer and the ASA expects the traffic to be tunnelled... really not sure why this has suddenly stopped working since Friday, it's unlikley that anybody has fiddled with the box. The relevant config is attached.

Any suggestions welcome!
name 10.10.0.0 RB_VLANS

!

access-list outside_1_cryptomap extended permit ip 10.0.0.0 255.255.0.0 RB_VLANS 255.255.0.0

!

access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.0.0 RB_VLANS 255.255.0.0

!

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 10.0.0.0 255.255.0.0

!

crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 set pfs

crypto map outside_map 1 set peer 82.109.x.x

crypto map outside_map 1 set transform-set ESP-3DES-SHA



aw-fw# sho ver



Cisco Adaptive Security Appliance Software Version 8.2(1)

Device Manager Version 6.2(1)



Compiled on Tue 05-May-09 22:45 by builders

System image file is "disk0:/asa821-k8.bin"

Config file at boot was "startup-config"



aw-fw up 32 days 22 hours



Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz

Internal ATA Compact Flash, 128MB

BIOS Flash Firmware Hub @ 0xffe00000, 1024KB



Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

                             Boot microcode   : CN1000-MC-BOOT-2.00

                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03

                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04

 0: Int: Internal-Data0/0    : address is f866.f257.500e, irq 11

 1: Ext: Ethernet0/0         : address is f866.f257.5006, irq 255

 2: Ext: Ethernet0/1         : address is f866.f257.5007, irq 255

 3: Ext: Ethernet0/2         : address is f866.f257.5008, irq 255

 4: Ext: Ethernet0/3         : address is f866.f257.5009, irq 255

 5: Ext: Ethernet0/4         : address is f866.f257.500a, irq 255

 6: Ext: Ethernet0/5         : address is f866.f257.500b, irq 255

 7: Ext: Ethernet0/6         : address is f866.f257.500c, irq 255

 8: Ext: Ethernet0/7         : address is f866.f257.500d, irq 255

 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255

10: Int: Not used            : irq 255

11: Int: Not used            : irq 255



Licensed features for this platform:

Maximum Physical Interfaces  : 8

VLANs                        : 3, DMZ Restricted

Inside Hosts                 : 50

Failover                     : Disabled

VPN-DES                      : Enabled

VPN-3DES-AES                 : Enabled

SSL VPN Peers                : 2

Total VPN Peers              : 10

Dual ISPs                    : Disabled

VLAN Trunk Ports             : 0

Shared License               : Disabled

AnyConnect for Mobile        : Disabled

AnyConnect for Linksys phone : Disabled

AnyConnect Essentials        : Disabled

Advanced Endpoint Assessment : Disabled

UC Phone Proxy Sessions      : 2

Total UC Proxy Sessions      : 2

Botnet Traffic Filter        : Disabled



This platform has a Base license.

Open in new window

0
Comment
Question by:TSG_Users
  • 3
  • 2
  • 2
7 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
Comment Utility
please provide us:

sh xlate
sh cry isa sa
sh cry ips sa
0
 
LVL 1

Author Comment

by:TSG_Users
Comment Utility
The host on the LAN that is being Pinged is 10.0.0.101.

aw-fw#    sho cry ips sa
interface: outside
    Crypto map tag: outside_map, seq num: 1, local addr: 194.217.0.66

      access-list outside_1_cryptomap permit ip 10.0.0.0 255.255.0.0 RB_VLANS 255.255.0.0
      local ident (addr/mask/prot/port): (10.0.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (RB_VLANS/255.255.0.0/0/0)
      current_peer: 82.109.166.226

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 140, #pkts decrypt: 140, #pkts verify: 140
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 194.217.0.66, remote crypto endpt.: 82.109.166.226

      path mtu 1500, ipsec overhead 58, media mtu 1500
      current outbound spi: F2E3D698

    inbound esp sas:
      spi: 0x89504FB4 (2303741876)
         transform: esp-3des esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 2654208, crypto-map: outside_map
         sa timing: remaining key lifetime (kB/sec): (4373986/26514)
         IV size: 8 bytes
         replay detection support: Y
         Anti replay bitmap:
          0xFFFFFFFF 0xFFFFFFFF
    outbound esp sas:
      spi: 0xF2E3D698 (4075017880)
         transform: esp-3des esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 2654208, crypto-map: outside_map
         sa timing: remaining key lifetime (kB/sec): (4374000/26514)
         IV size: 8 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001

aw-fw#    sho cry isa sa

   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer: 82.109.166.226
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE


aw-fw# sho xlate
209 in use, 1483 most used
Global 194.217.0.67 Local 10.0.0.4
Global 194.217.0.68 Local w2k-email
Global 194.217.0.69 Local adserv
PAT Global 194.217.0.66(34974) Local 10.0.0.23(1617)
PAT Global 194.217.0.66(20935) Local 10.0.0.23(1616)
PAT Global 194.217.0.66(54447) Local 10.0.0.23(1615)
PAT Global 194.217.0.66(33374) Local 10.0.0.88(2965)
PAT Global 194.217.0.66(19454) Local 10.0.0.71(63068)
PAT Global 194.217.0.66(41325) Local 10.0.0.71(63067)
PAT Global 194.217.0.66(31478) Local 10.0.0.71(63066)
PAT Global 194.217.0.66(44671) Local 10.0.0.71(63065)
PAT Global 194.217.0.66(10868) Local 10.0.0.71(63060)
PAT Global 194.217.0.66(6922) Local 10.0.0.71(63057)
PAT Global 194.217.0.66(2422) Local 10.0.0.71(62908)
PAT Global 194.217.0.66(27573) Local 10.0.0.71(63577)
PAT Global 194.217.0.66(59585) Local 10.0.0.103(4316)
PAT Global 194.217.0.66(32769) Local 10.0.0.103(4315)
PAT Global 194.217.0.66(53510) Local 10.0.0.103(4314)
PAT Global 194.217.0.66(2586) Local 10.0.0.103(2355)
PAT Global 194.217.0.66(52288) Local 10.0.0.103(1797)
PAT Global 194.217.0.66(24779) Local 10.0.0.6(56694)
PAT Global 194.217.0.66(58593) Local 10.0.0.6(54740)
PAT Global 194.217.0.66(49099) Local 10.0.0.6(55945)
PAT Global 194.217.0.66(1037) Local 10.0.0.6(61810)
PAT Global 194.217.0.66(22220) Local 10.0.0.6(49186)
PAT Global 194.217.0.66(28470) Local 10.0.0.6(59096)
PAT Global 194.217.0.66(7035) Local 10.0.0.75(1300)
PAT Global 194.217.0.66(55983) Local 10.0.0.75(1299)
PAT Global 194.217.0.66(48787) Local 10.0.0.75(1298)
PAT Global 194.217.0.66(34262) Local 10.0.0.75(1297)
PAT Global 194.217.0.66(37444) Local 10.0.0.75(1293)
PAT Global 194.217.0.66(58695) Local 10.0.0.75(1284)
PAT Global 194.217.0.66(12669) Local 10.0.0.75(1280)
PAT Global 194.217.0.66(54641) Local 10.0.0.75(1179)
PAT Global 194.217.0.66(7703) Local 10.0.0.75(1145)
PAT Global 194.217.0.66(3454) Local 10.0.0.75(1122)
PAT Global 194.217.0.66(48675) Local 10.0.0.75(4466)
PAT Global 194.217.0.66(34648) Local 10.0.0.75(4439)
PAT Global 194.217.0.66(42847) Local 10.0.0.75(4383)
PAT Global 194.217.0.66(6977) Local 10.0.0.75(4319)
PAT Global 194.217.0.66(45791) Local 10.0.0.75(4311)
PAT Global 194.217.0.66(49032) Local 10.0.0.75(4118)
PAT Global 194.217.0.66(25535) Local 10.0.0.75(4096)
PAT Global 194.217.0.66(33836) Local 10.0.0.75(4080)
PAT Global 194.217.0.66(31185) Local 10.0.0.75(3852)
PAT Global 194.217.0.66(3914) Local 10.0.0.75(3738)
PAT Global 194.217.0.66(14501) Local 10.0.0.75(3737)
PAT Global 194.217.0.66(65476) Local 10.0.0.75(3600)
PAT Global 194.217.0.66(36477) Local 10.0.0.75(3309)
PAT Global 194.217.0.66(37942) Local 10.0.0.75(3246)
PAT Global 194.217.0.66(18374) Local 10.0.0.75(3158)
PAT Global 194.217.0.66(47583) Local 10.0.0.75(3060)
PAT Global 194.217.0.66(47718) Local 10.0.0.75(2940)
PAT Global 194.217.0.66(57889) Local 10.0.0.75(2818)
PAT Global 194.217.0.66(29141) Local 10.0.0.75(2713)
PAT Global 194.217.0.66(40699) Local 10.0.0.75(2434)
PAT Global 194.217.0.66(29108) Local 10.0.0.75(1486)
PAT Global 194.217.0.66(11099) Local 10.0.0.75(1210)
PAT Global 194.217.0.66(55505) Local 10.0.0.62(50888)
PAT Global 194.217.0.66(20386) Local 10.0.0.78(3265)
PAT Global 194.217.0.66(5351) Local 10.0.0.97(60121)
PAT Global 194.217.0.66(31941) Local 10.0.0.97(60120)
PAT Global 194.217.0.66(32841) Local 10.0.0.97(60119)
PAT Global 194.217.0.66(46351) Local 10.0.0.97(60118)
PAT Global 194.217.0.66(8069) Local 10.0.0.97(60117)
PAT Global 194.217.0.66(12745) Local 10.0.0.97(60106)
PAT Global 194.217.0.66(44168) Local 10.0.0.97(60012)
PAT Global 194.217.0.66(33062) Local 10.0.0.97(60002)
PAT Global 194.217.0.66(44264) Local 10.0.0.97(60001)
PAT Global 194.217.0.66(11649) Local 10.0.0.97(59973)
PAT Global 194.217.0.66(1354) Local 10.0.0.97(59941)
PAT Global 194.217.0.66(42728) Local 10.0.0.97(59920)
PAT Global 194.217.0.66(4030) Local 10.0.0.97(59890)
PAT Global 194.217.0.66(38522) Local 10.0.0.97(59881)
PAT Global 194.217.0.66(19994) Local 10.0.0.97(59877)
PAT Global 194.217.0.66(54508) Local 10.0.0.97(59875)
PAT Global 194.217.0.66(44121) Local 10.0.0.97(59866)
PAT Global 194.217.0.66(14061) Local 10.0.0.97(59821)
PAT Global 194.217.0.66(61194) Local 10.0.0.97(59623)
PAT Global 194.217.0.66(31989) Local 10.0.0.97(59619)
PAT Global 194.217.0.66(20478) Local 10.0.0.97(59595)
PAT Global 194.217.0.66(47814) Local 10.0.0.97(59585)
PAT Global 194.217.0.66(15640) Local 10.0.0.97(59581)
PAT Global 194.217.0.66(49354) Local 10.0.0.97(59571)
PAT Global 194.217.0.66(2610) Local 10.0.0.97(59467)
PAT Global 194.217.0.66(13248) Local 10.0.0.97(59451)
PAT Global 194.217.0.66(37677) Local 10.0.0.97(59447)
PAT Global 194.217.0.66(6994) Local 10.0.0.97(59439)
PAT Global 194.217.0.66(31806) Local 10.0.0.97(59177)
PAT Global 194.217.0.66(14287) Local 10.0.0.97(59025)
PAT Global 194.217.0.66(26172) Local 10.0.0.97(58989)
PAT Global 194.217.0.66(19192) Local 10.0.0.97(58979)
PAT Global 194.217.0.66(2551) Local 10.0.0.97(58810)
PAT Global 194.217.0.66(30726) Local 10.0.0.97(58805)
PAT Global 194.217.0.66(53987) Local 10.0.0.97(58802)
PAT Global 194.217.0.66(26672) Local 10.0.0.97(58679)
PAT Global 194.217.0.66(20768) Local 10.0.0.97(58660)
PAT Global 194.217.0.66(54689) Local 10.0.0.97(58654)
PAT Global 194.217.0.66(55335) Local 10.0.0.97(58631)
PAT Global 194.217.0.66(14449) Local 10.0.0.97(58614)
PAT Global 194.217.0.66(18964) Local 10.0.0.97(58606)
PAT Global 194.217.0.66(31252) Local 10.0.0.97(58478)
PAT Global 194.217.0.66(15200) Local 10.0.0.97(57656)
PAT Global 194.217.0.66(47262) Local 10.0.0.97(57654)
PAT Global 194.217.0.66(53356) Local 10.0.0.97(55812)
PAT Global 194.217.0.66(17920) Local 10.0.0.102(3178)
PAT Global 194.217.0.66(16893) Local 10.0.0.107(4676)
PAT Global 194.217.0.66(5577) Local 10.0.0.107(4675)
PAT Global 194.217.0.66(48523) Local 10.0.0.107(4674)
PAT Global 194.217.0.66(7495) Local 10.0.0.107(4551)
PAT Global 194.217.0.66(36022) Local 10.0.0.107(4548)
PAT Global 194.217.0.66(3086) Local 10.0.0.107(1056)
PAT Global 194.217.0.66(44110) Local 10.0.0.99(4600)
PAT Global 194.217.0.66(34514) Local 10.0.0.99(4492)
PAT Global 194.217.0.66(13998) Local 10.0.0.99(4487)
PAT Global 194.217.0.66(35170) Local 10.0.0.99(4469)
PAT Global 194.217.0.66(12037) Local 10.0.0.99(4409)
PAT Global 194.217.0.66(6826) Local 10.0.0.99(4402)
PAT Global 194.217.0.66(46166) Local 10.0.0.99(4146)
PAT Global 194.217.0.66(2893) Local 10.0.0.99(4113)
PAT Global 194.217.0.66(48980) Local 10.0.0.99(3876)
PAT Global 194.217.0.66(37882) Local 10.0.0.99(3867)
PAT Global 194.217.0.66(61023) Local 10.0.0.99(3220)
PAT Global 194.217.0.66(63565) Local 10.0.0.99(1057)
PAT Global 194.217.0.66(6397) Local 10.0.0.99(1047)
PAT Global 194.217.0.66(27222) Local 10.0.0.83(2079)
PAT Global 194.217.0.66(60576) Local 10.0.0.65(54153)
PAT Global 194.217.0.66(45338) Local 10.0.0.65(54135)
PAT Global 194.217.0.66(29427) Local 10.0.0.65(49161)
PAT Global 194.217.0.66(28521) Local 10.0.0.93(1918)
PAT Global 194.217.0.66(42687) Local 10.0.0.93(1917)
PAT Global 194.217.0.66(31517) Local 10.0.0.93(1913)
PAT Global 194.217.0.66(57228) Local 10.0.0.93(1902)
PAT Global 194.217.0.66(43896) Local 10.0.0.93(1899)
PAT Global 194.217.0.66(34386) Local 10.0.0.93(1896)
PAT Global 194.217.0.66(26210) Local 10.0.0.93(1886)
PAT Global 194.217.0.66(7227) Local 10.0.0.93(1877)
PAT Global 194.217.0.66(6464) Local 10.0.0.93(1872)
PAT Global 194.217.0.66(8948) Local 10.0.0.93(1870)
PAT Global 194.217.0.66(32850) Local 10.0.0.93(1861)
PAT Global 194.217.0.66(36944) Local 10.0.0.93(1860)
PAT Global 194.217.0.66(17017) Local 10.0.0.93(1857)
PAT Global 194.217.0.66(39884) Local 10.0.0.93(1856)
PAT Global 194.217.0.66(58525) Local 10.0.0.93(1853)
PAT Global 194.217.0.66(20255) Local 10.0.0.93(1836)
PAT Global 194.217.0.66(13440) Local 10.0.0.93(1821)
PAT Global 194.217.0.66(12608) Local 10.0.0.93(1810)
PAT Global 194.217.0.66(10515) Local 10.0.0.93(1797)
PAT Global 194.217.0.66(44979) Local 10.0.0.93(1793)
PAT Global 194.217.0.66(61675) Local 10.0.0.93(1782)
PAT Global 194.217.0.66(22402) Local 10.0.0.93(1772)
PAT Global 194.217.0.66(10389) Local 10.0.0.93(1770)
PAT Global 194.217.0.66(64436) Local 10.0.0.93(1742)
PAT Global 194.217.0.66(2030) Local 10.0.0.93(1740)
PAT Global 194.217.0.66(20028) Local 10.0.0.93(1731)
PAT Global 194.217.0.66(54087) Local 10.0.0.93(1704)
PAT Global 194.217.0.66(42108) Local 10.0.0.93(1692)
PAT Global 194.217.0.66(57145) Local 10.0.0.93(1690)
PAT Global 194.217.0.66(48345) Local 10.0.0.93(1672)
PAT Global 194.217.0.66(5750) Local 10.0.0.93(1650)
PAT Global 194.217.0.66(41182) Local 10.0.0.93(1621)
PAT Global 194.217.0.66(45703) Local 10.0.0.93(1592)
PAT Global 194.217.0.66(38412) Local 10.0.0.93(1551)
PAT Global 194.217.0.66(47589) Local 10.0.0.93(1543)
PAT Global 194.217.0.66(13048) Local 10.0.0.93(1518)
PAT Global 194.217.0.66(19562) Local 10.0.0.93(1479)
PAT Global 194.217.0.66(31918) Local 10.0.0.93(1407)
PAT Global 194.217.0.66(3975) Local 10.0.0.93(1395)
PAT Global 194.217.0.66(31005) Local 10.0.0.93(1335)
PAT Global 194.217.0.66(13211) Local 10.0.0.93(1317)
PAT Global 194.217.0.66(9709) Local 10.0.0.93(1081)
PAT Global 194.217.0.66(11757) Local 10.0.0.93(4918)
PAT Global 194.217.0.66(48833) Local 10.0.0.93(4904)
PAT Global 194.217.0.66(14497) Local 10.0.0.93(4836)
PAT Global 194.217.0.66(19869) Local 10.0.0.93(4764)
PAT Global 194.217.0.66(48358) Local 10.0.0.93(4684)
PAT Global 194.217.0.66(20182) Local 10.0.0.93(4644)
PAT Global 194.217.0.66(34515) Local 10.0.0.93(4562)
PAT Global 194.217.0.66(63434) Local 10.0.0.93(3152)
PAT Global 194.217.0.66(11650) Local 10.0.0.93(2273)
PAT Global 194.217.0.66(60843) Local 10.0.0.93(1133)
PAT Global 194.217.0.66(5475) Local 10.0.0.93(1038)
PAT Global 194.217.0.66(8863) Local 10.0.0.95(1417)
PAT Global 194.217.0.66(11752) Local 10.0.0.94(49162)
PAT Global 194.217.0.66(24096) Local 10.0.0.106(3960)
PAT Global 194.217.0.66(8777) Local 10.0.0.106(3892)
PAT Global 194.217.0.66(22367) Local 10.0.0.106(3743)
PAT Global 194.217.0.66(64962) Local 10.0.0.106(3674)
PAT Global 194.217.0.66(58063) Local 10.0.0.106(2642)
PAT Global 194.217.0.66(55726) Local 10.0.0.106(4275)
PAT Global 194.217.0.66(52543) Local 10.0.0.70(50431)
PAT Global 194.217.0.66(17382) Local 10.0.0.70(49326)
PAT Global 194.217.0.66(21855) Local 10.0.0.101(64483)
PAT Global 194.217.0.66(57807) Local 10.0.0.101(50871)
PAT Global 194.217.0.66(47775) Local 10.0.0.101(60735)
PAT Global 194.217.0.66(32558) Local 10.0.0.101(61652)
PAT Global 194.217.0.66(39364) Local 10.0.0.101(65494)
PAT Global 194.217.0.66(28086) Local 10.0.0.101(50954)
PAT Global 194.217.0.66(27311) Local 10.0.0.101(60845)
PAT Global 194.217.0.66(3164) Local 10.0.0.101(61811)
PAT Global 194.217.0.66(5950) Local 10.0.0.101(49455)
PAT Global 194.217.0.66(55360) Local 10.0.0.101(65026)
PAT Global 194.217.0.66(13893) Local 10.0.0.101(50622)
PAT Global 194.217.0.66(43981) Local 10.0.0.101(49776)
PAT Global 194.217.0.66(44366) Local 10.0.0.101(63751)
PAT Global 194.217.0.66(10635) Local 10.0.0.101(64499)
PAT Global 194.217.0.66(47150) Local 10.0.0.101(51722)
PAT Global 194.217.0.66(55511) Local 10.0.0.101(2703)
aw-fw#

0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 250 total points
Comment Utility
it seems there is nonat problem, or the client on ASA site not able to reach the asa....

Did you reloaded the asa?
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 9

Expert Comment

by:gavving
Comment Utility
What do you have for "route" statements in the ASA?  Do you have any statements for the 10.10.0.0/16 subnet?  Or any statements that would include that subnet?  Ensure that the ASA knows to route the 10.10.0.0/16 subnet out the outside interface.  If you don't have any other static routes, then a default gateway will take care of this.  But sometimes a 10.0.0.0/8 route gets added and pointed to an internal device.  That would cause this behavior.

0
 
LVL 1

Author Comment

by:TSG_Users
Comment Utility
I've had a chance to reload it now and it appears to have fixed it I can now ping both ways

aw-fw(config)# sho cry ips sa

      #pkts encaps: 3, #pkts encrypt: 3, #pkts digest: 3
      #pkts decaps: 3, #pkts decrypt: 3, #pkts verify: 3
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 3, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

There was nothing wrong with the configuration - any thoughts on what it might have been from the diagnostics? There is only some many times you can get away with a reboot as a solution to a problem!
0
 
LVL 9

Accepted Solution

by:
gavving earned 250 total points
Comment Utility
It could have been a few things.  It could be an xlate table problem, or a problem with the IPsec tunnel.   I would try these commands first before rebooting as they should clear out any of those types of issues.

clear crypto isakmp sa
clear crypto ipsec sa
clear xlate

Note the clear xlate might disconnect active TCP sessions and force them to be reconnected.

Glad its working though.
0
 
LVL 1

Author Closing Comment

by:TSG_Users
Comment Utility
Would have been preferable to try the clear options prior to the reload.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now