#Pkts encaps 0 but pkts decaps 203

Unanswered Question
Apr 29th, 2014
User Badges:

Hey Guys, I have been stuck and need yours support. L2L tunnel is up and working fine, I have configured two network in that one is working fine,

but on the other network I am having this issue. I reconfigured the tunnel but no luck. kindly suggest.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Vishnu Sharma Tue, 04/29/2014 - 01:15
User Badges:
  • Cisco Employee,

Hi,

 

If I got you correctly, you are not able to pass traffic across the VPN tunnel. Please correct me if I am wrong.  The problem lies on the ASA where encrypt is "0". There can be several reasons for packets not getting encrypted. They are:

1. Nat Exempt is not applied on the ASA or any other NAT rule is redirecting it through any other interface.

2. Return traffic from the host is not coming back to the ASA so that it can get encrypted. To verify this, apply capture on inside interface so as to see outgoing and incoming packets.

3. Traffic is getting encrypted and is entering any other tunnel.

4. Traffic is getting dropped by the ASA because of any conflicting rule.

 

Please focus on these issues anf it does not help then share the configuration and I will be in better position to help you.

 

Vishnu

enggaamir Tue, 04/29/2014 - 02:32
User Badges:

Hi Vishnu,

  Thanks for the reply. Actually I have created same NAT rule for both the subnet, but one is working fine and the other is having this issue. Please see the attached IPSEC detail.

Attachment: 
johnlloyd_13 Wed, 04/30/2014 - 09:03
User Badges:
  • Blue, 1500 points or more

Hi,

Check your crypto ACL and make sure they're 'mirror' from each other.

enggaamir Thu, 05/01/2014 - 01:36
User Badges:

Hey John, Actually it was working perfect in past, not sure what goes wrong.

Yes crypto ACL's are mirrored. Tunnel is Up and traffic passing on one subnet but the other is giving problem. Anyways the problem has been solved by removing the VPN configuration and reconfigured, Also have changed the pre-shared key.

Thank you guys for all the valuable comments and support. smiley

 

 

Actions

This Discussion