ASA Dropping Traffic

Unanswered Question
Dec 27th, 2009

I am trying without success to allow traffic through a VPN that terminates on my ASA firewall. It is a site-to-site VPN with the distant end being a Juniper Netscreen. It is a working tunnel and I am trying to add access to a specific pair of hosts to and from a specific subnet. When I use the packet tracer tool in ASDM it reports that the flow is not allowed because of "(acl-drop) Flow is denied by configured rule." This happens in the VPN section of the packet tracer display.

The flow I was tracing was from port 49 (on the inside) to also on port 49 (on the outside).

My cryptomap acl includes the following line:

access-list outside_cryptomap_20 line 1 extended permit ip host (hitcnt=330) 0x46d3dd4b

However the ASA syslog is filling up with entries like:

3 Dec 27 2009 08:03:55 713042 IKE Initiator unable to find policy: Intf outside, Src:, Dst:

The help for this message says to check my L2L policies. The cryptomap ACL would seem to be the relevant policy.

What am I doing wrong?

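Added example, not from the original post and not Cisco code: a small Python model of how a flow is checked against a crypto map ACL, so the VPN-stage "acl-drop" above can be reproduced offline. The ACL text and host addresses below are constructed for the example (the ACL name is reused from the post, the hosts are invented); a `permit ip` entry is matched as written for outbound traffic and reversed for decrypted inbound traffic, and ports (TCP/49 here) never narrow it.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class CryptoAce:
    src: ipaddress.IPv4Network   # local side, as written in the crypto ACL
    dst: ipaddress.IPv4Network   # remote (peer) side

def _take_addr(toks):
    """Consume one ASA address spec: 'any', 'host A', or 'A MASK'."""
    if toks[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), toks[1:]
    if toks[0] == "host":
        return ipaddress.ip_network(toks[1]), toks[2:]
    return ipaddress.ip_network(f"{toks[0]}/{toks[1]}"), toks[2:]

def parse_crypto_acl(text):
    """Parse 'access-list NAME [line N] extended permit ip SRC DST ...' lines
    as printed by 'show access-list'; hit counts and hashes after DST are ignored."""
    aces = []
    for line in text.splitlines():
        toks = line.split()
        if "permit" not in toks:
            continue
        i = toks.index("permit")
        if i + 1 >= len(toks) or toks[i + 1] != "ip":
            continue            # crypto ACLs are normally plain 'permit ip'
        src, rest = _take_addr(toks[i + 2:])
        dst, _ = _take_addr(rest)
        aces.append(CryptoAce(src, dst))
    return aces

def matches_crypto_map(aces, src_ip, dst_ip, outbound):
    """Return the first ACE covering the flow, else None (the VPN-stage acl-drop).
    Outbound (inside -> peer) flows match the ACE as written; inbound decrypted
    flows match it reversed, since the ASA uses one crypto ACL for both ways."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in aces:
        local, remote = (ace.src, ace.dst) if outbound else (ace.dst, ace.src)
        if s in local and d in remote:
            return ace
    return None

# Constructed sample crypto ACL (hosts invented for the example, not the poster's).
SAMPLE_ACL = """\
access-list outside_cryptomap_20 line 1 extended permit ip host 10.1.1.10 host 172.16.5.20 (hitcnt=3)
access-list outside_cryptomap_20 line 2 extended permit ip 10.1.2.0 255.255.255.0 192.168.50.0 255.255.255.0
"""
ACES = parse_crypto_acl(SAMPLE_ACL)
```

A flow whose source and destination are not covered by any entry, in the direction being traced, is what the packet tracer reports as denied in the VPN section.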