VPN Tunnel shows connected on ASA's but no traffic flows through

Unanswered Question
Nov 17th, 2008
User Badges:
  • Bronze, 100 points or more

I had two ASA's connected via site-to-site VPN tunnel for several months now (and working) and now something has changed that doesn't allow any traffic from one end to the other. My end shows all zeroes on encaps an hundreds of thousands of decaps. While everything looks the same in the configs something has changed to break my connection. Any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ajagadee Tue, 11/18/2008 - 05:38
User Badges:
  • Cisco Employee,

Hi,


Has something changed with your internal routing for this remote subnet. If you are seeing decaps, it means you are receiving traffic but having issues with the return traffic. Check the routing as well as NAT Configuration (NAT 0) on the ASA.


Also, make sure there are no overlapping IPSEC ACL between difference peers.


Regards,

Arul


*Pls rate if it helps*

Jason Gervia Tue, 11/18/2008 - 08:17
User Badges:
  • Cisco Employee,

Arul's right on the money here - we can't really tell you any more without seeing the configuration. It's probably either a routing issue (the traffic isn't being routed back to the ASA) or you

Actions

This Discussion