NAT rule is denying traffic through S2S vpn tunnel on 5510 (8.02)

Unanswered Question
Sep 9th, 2007

I swapped out our PIX with an ASA 5510 v8.02 and one of the tunnels won't allow traffic through. The dynamic NAT rule shows up as the culprit in packet tracer. Our traffic has to be NATed to get to their site DMZ servers. Not sure what I missed in the conversion from PIX to ASA.

htacisocnet Mon, 09/10/2007 - 05:49

That was missing. So I issued the command but it didn't change anything. I also see the following error for traffic that should be allowed through the tunnel:


Sep 10 2007 08:45:09 106001 192.168.72.102 Stibo_HTQuark Inbound TCP connection denied from 192.168.72.102/2898 to Stibo_HTQuark/11207 flags SYN on interface Inside


htacisocnet Mon, 09/10/2007 - 10:31

Found the problem. It was in the ACL used for Group Policy on the Tunnel Group.
