Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
297
Views
0
Helpful
1
Replies

Issue with Tunnel between two ASAs.

atoms4piece
Level 1
Level 1

‎09-19-2017 06:57 AM - edited ‎02-21-2020 06:19 AM

Hello,

 

So I'm what I'd call... "fairly new" to firewalling. 

 

I've got two sites that have a site to site tunnel (technically 3, but we'll get to that later), that have issues. I have a total of 12+ sites. All of them connect through a site to site tunnel to a central location in my current state.

 

The central location (C) "was" able to just receive data from site A, but not send back to C. So it was one-way traffic. Today, there is no tunnel, not even one way traffic. I was curious if I should post my config for both, to see if anyone could assist. I'ev rebuilt the tunnel from scratch, twice. Still doesn't seem to fix the issue. Are there any commands to assist find out why I can't get the tunnel up?

Labels:
0 Helpful
1 Reply 1

niko
Level 1
Level 1

‎09-19-2017 11:22 AM

I'd start by debugging and see why IKE/IPSec SA are not coming up.

Information on debug commands:

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#pix_dbgs

 

Useful article about IKE/IPSec on the ASAs and how everything ties together:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113574-tg-asa-ipsec-ike-debugs-main-00.html 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card