WellingtonIS
asked on
Cisco Firepower Manager
I have a tunnel with another company that works and then it doesn't. I ran troubleshooting and this is the result. I have an ACL and it's open. Can anyone give me a clue as to why this keeps happening?
Phase: 11
Type: VPN
Subtype: encrypt
Result: DROP
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xffd9ab4a20, priority=70, domain=encrypt, deny=false
hits=151, user_data=0x0, cs_id=0xffd4433df0, reverse, flags=0x0, protocol=0
(Inside) src ip/id=10.75.13.90, mask=255.255.255.255, port=0, tag=any
(outside) dst ip/id=66.220.42.201, mask=255.255.255.255, port=0, tag=any, dscp=0x0
input_ifc=any, output_ifc=outside
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
You need to troubleshoot phase 1 and phase 2 when the tunnel goes down, or if it's sporadic you need to have some debugs running.
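An added example, not part of the original thread: a small Python parser for packet-tracer output in the layout shown in the question. It reports which phase dropped the packet and whether the matched rule was a deny, which helps when logging repeated traces of a sporadic tunnel. The sample trace is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the trace in the question (values are made up).
SAMPLE = """\
Phase: 1
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Phase: 11
Type: VPN
Subtype: encrypt
Result: DROP
Additional Information:
out id=0x1, priority=70, domain=encrypt, deny=false
Result:
input-interface: inside
output-interface: outside
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

FIELD = re.compile(r"(Type|Subtype|Result|Action|Drop-reason|input-interface|output-interface):\s*(\S.*)$")

def parse_trace(text):
    """Split a trace into per-phase dicts plus the final summary dict."""
    phases, summary, cur = [], {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"Phase:\s*(\d+)$", line)
        if m:
            cur = {"phase": int(m.group(1))}
            phases.append(cur)
        elif line == "Result:":          # a bare "Result:" opens the summary
            cur = summary
        elif cur is not None:
            m = FIELD.match(line)
            if m:
                cur[m.group(1).lower()] = m.group(2)
            m = re.search(r"\bdeny=(true|false)\b", line)
            if m:
                cur["rule_deny"] = (m.group(1) == "true")
    return phases, summary

def first_drop(text):
    """Return the phase that dropped the packet, merged with the summary's drop reason."""
    phases, summary = parse_trace(text)
    for p in phases:
        if p.get("result") == "DROP":
            return {**p, "drop-reason": summary.get("drop-reason")}
    return None

if __name__ == "__main__":
    print(first_drop(SAMPLE))
```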