VPN issue - 1 host within tunnel not communicating/traffic not encrypting
Posted on 2012-08-20
-We have a VPN tunnel between 2 of our sites. On one side (side A), 5 individual hosts are permitted access to an entire subnet range on the other side (side B), and vice versa.
-4 of the hosts on side A are able to effectively communicate with the subnet range in side B
-1 host on side A is not reachable from any host on the subnet on the other side of the tunnel. It *is*, however, able to communicate with a 3rd site that has a separate tunnel built up.
-On the firewall for side B, a sh crypto ipsec peer command shows that, as it pertains to the problem host, ping packets being sent across the tunnel from the host are being decrypted, but no packets on the side opposite that tunnel are being encrypted.
-Obviously, ping tests from the individual problem host on Side A to side B (and B to A) are failing.
-Traceroutes from Side A die out after reaching the VPN peer on Side A. There is no tracerouting possible on Side B (by design)
So it seems to me that the problem might be associated with the firewall on side B. But the rest of the tunnel performs as normal. It should be noted that this connectivity problem is new, used to work previously, and to our knowledge, nothing was changed on either side of the tunnel to precipitate the breakage.
Troubleshooting steps thus far have included bouncing the tunnel, tearing down the entire crypto map and re-adding it, and rebooting the machine that nobody on side B can reach.
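The counter pattern the post describes (side B decrypts packets from the problem host but encrypts none back to it) is the one thing in `show crypto ipsec sa` output that points at the return path rather than the tunnel itself. The script below is an added example, not code from the original post or from Cisco: it parses the per-SA `#pkts encaps` / `#pkts decaps` counters and flags SAs whose traffic is one-way. The sample output is constructed in the Cisco ASA layout assumed here (RFC 5737 and RFC 1918 addresses); adjust the regular expressions if your platform prints the counters differently.

```python
"""Spot one-way IPsec SAs in 'show crypto ipsec sa' output.

Added example, not from the original post: the sample output and addresses
below are constructed in the Cisco ASA layout assumed here.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: side B's firewall, two per-host SAs to side A's peer.
# The first SA decrypts packets from 10.1.1.10 but never encrypts any back,
# which is the symptom described in the post; the second SA is healthy.
SAMPLE_OUTPUT = """\
interface: outside
    Crypto map tag: outside_map, seq num: 1, local addr: 203.0.113.1

      access-list outside_cryptomap extended permit ip 10.2.0.0 255.255.0.0 host 10.1.1.10
      local ident (addr/mask/prot/port): (10.2.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.1.1.10/255.255.255.255/0/0)
      current_peer: 198.51.100.1

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 42, #pkts decrypt: 42, #pkts verify: 42

      access-list outside_cryptomap extended permit ip 10.2.0.0 255.255.0.0 host 10.1.1.11
      local ident (addr/mask/prot/port): (10.2.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.1.1.11/255.255.255.255/0/0)
      current_peer: 198.51.100.1

      #pkts encaps: 1510, #pkts encrypt: 1510, #pkts digest: 1510
      #pkts decaps: 1498, #pkts decrypt: 1498, #pkts verify: 1498
"""


@dataclass
class IpsecSa:
    local: str        # local ident, e.g. "10.2.0.0/255.255.0.0"
    remote: str       # remote ident (the far-side host or subnet)
    peer: str         # current_peer address
    encaps: int = 0   # packets this side encrypted and sent into the tunnel
    decaps: int = 0   # packets this side received from the tunnel and decrypted


_IDENT = re.compile(r"^(local|remote) ident .*?:\s*\(([^/]+)/([^/]+)/")
_PEER = re.compile(r"^current_peer:?\s+(\S+)")
_ENCAPS = re.compile(r"^#pkts encaps:\s*(\d+)")
_DECAPS = re.compile(r"^#pkts decaps:\s*(\d+)")


def parse_ipsec_sa(text: str) -> list[IpsecSa]:
    """Build one IpsecSa per 'local ident' block; counters follow the idents."""
    sas: list[IpsecSa] = []
    cur: IpsecSa | None = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _IDENT.match(line)
        if m:
            side, addr, mask = m.groups()
            if side == "local":
                cur = IpsecSa(local=f"{addr}/{mask}", remote="", peer="")
                sas.append(cur)
            elif cur is not None:
                cur.remote = f"{addr}/{mask}"
            continue
        if cur is None:
            continue
        if m := _PEER.match(line):
            cur.peer = m.group(1)
        elif m := _ENCAPS.match(line):
            cur.encaps = int(m.group(1))
        elif m := _DECAPS.match(line):
            cur.decaps = int(m.group(1))
    return sas


def diagnose(sas: list[IpsecSa]) -> list[tuple[str, str]]:
    """Return (remote ident, hint) for every SA whose counters are one-way."""
    findings: list[tuple[str, str]] = []
    for sa in sas:
        if sa.decaps > 0 and sa.encaps == 0:
            findings.append((sa.remote,
                "decaps>0, encaps=0: this side decrypts traffic from the remote "
                "but never encrypts replies; check that the route to the remote "
                "points out the crypto-map interface, that NAT exemption still "
                "matches it, and that the crypto ACL covers it in this direction"))
        elif sa.encaps > 0 and sa.decaps == 0:
            findings.append((sa.remote,
                "encaps>0, decaps=0: this side sends but nothing returns; "
                "check the same three things on the peer"))
    return findings


if __name__ == "__main__":
    for remote, hint in diagnose(parse_ipsec_sa(SAMPLE_OUTPUT)):
        print(f"{remote}: {hint}")
```

Run it against the real output (`show crypto ipsec sa peer <address>` on side B, pasted into `SAMPLE_OUTPUT` or read from a file) and the only SA it flags should be the one whose remote ident is the problem host. A decaps-only SA means the far side's packets are arriving and being decrypted, so the IKE/IPsec negotiation is fine; the replies are being dropped or routed elsewhere before they reach the crypto map, which is why re-keying or rebuilding the crypto map does not help. On an ASA the usual next step is `packet-tracer` with a reply packet from a side B host to the problem host, which shows whether the route lookup, NAT, or VPN phase is the one that fails.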