Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
340
Views
0
Helpful
1
Replies

ASA 5520 Denying All Tunneled IP Traffic

wk_everett
Level 1
Level 1

‎02-13-2008 10:24 AM - edited ‎03-11-2019 05:02 AM

250 remote sites use ezvpn to connect back to ASA 5520. Tunnels show active but do not pass any IP traffic. The only way to resolve issue is to "clear crypto ipsec sa". Has happened twice in the last 3 days. Logs show messages of denying traffic for ex:

Feb 11 2008 14:42:42: %ASA-3-106014: Deny inbound icmp src outside:172.16.123.205 dst inside:x.x.x.x (type 8, code 0)

Feb 11 2008 14:42:42: %ASA-2-106006: Deny inbound UDP from x.x.x.x/2442 to 172.16.124.129/161 on interface inside

Running 7.2(2) code. Has anyone seen this before and know what the problem is?

Thanks

Labels:
0 Helpful
1 Reply 1

jcal133378
Level 1
Level 1

‎02-20-2008 08:43 AM

Probably, the cause for this issue might be congestion due to more vpn traffic. So, whenever you cleared the IPsec tunnel, it started working properly however after sometime, it will hang once it reaches the maximum handling capacity. Check the hardware specifications of the current setup, enhance its capacity for handling more traffic.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card