×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Site-to-site VPN between two ASAs, one does not encrypt traffic

Unanswered Question
Dec 7th, 2011
User Badges:

Hello,


I have a site-to-site VPN established between two ASA firewalls. It was working fine for a while now, however VPN was brought down due to some other outage in the network. Now the VPN comes back up (both phases established), but I do NOT see "encaps", encrypts" on one ASA. That means one of the ASAs is not encrypting traffic, and so it gets dropped. I dont even see any hits on the crypto ACL of this ASA.


I have made sure that the inside traffic is not NATed and I have a route to remote network thorugh the interface where crypto is applied.


Does any one have any suggestions of how to debug/resolve this issue?


Thank you!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marvin Rhoads Thu, 12/08/2011 - 11:08
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

Is the cryptomap acess-list being called by the tunnel in question at the errant end?

Actions

This Discussion