07-27-2010 10:16 PM
Hello,
We have an L2L VPN between a Cisco router and a PIX515E. We recently added a couple of hosts to the encryption domain, and when we try to initiate traffic we get send errors in sh ipsec sa. The hosts that were previously in the encryption domain are accessible. We have made sure the encryption domain is the same on both ends, but on our end we get these send errors.
Looking for some direction here to troubleshoot this issue.
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 15, #recv errors 0
Thanks in advance
Regards,
Venky.
07-28-2010 01:07 AM
So you mean to say the tunnel is up and you are able to pass traffic between the 2 sites, except for a few hosts which you added recently?
07-28-2010 02:02 AM
Yes, that's correct.
07-28-2010 03:50 AM
Can you paste the crypto configuration on both ends?
Also, do you see the same issue when you try from the PIX side? If so, you can probably run a packet-tracer to show where it is failing.
07-28-2010 03:51 AM
Also, do you have any VPN filter applied on your PIX?
07-28-2010 04:58 AM
I have a PIX 515E running 6.3(5) and I don't think I have the option to run packet tracer. I do not have any VPN filter applied. The connection is always initiated from the PIX, not from the other end.
07-28-2010 06:26 AM
Anything showing up in the logs when you pass this traffic?
07-28-2010 07:49 AM
Yes, I see hits on the ACL, and show conns shows:
TCP out x.x.x.x :80 in y.y.y.y.:45058 idle 0:01:21 Bytes 0 flags saA