Guys i have site to site VPN.....VPN is up....only on epc has got a problem connecting to headend application server....when i did debug i got following line can someone please explain that to me.....the ip rang eis included in access-list i have no idea whats going on
IPSEC(crypto_map_check_encrypt_core): mtree says we have SA but couldn't find current outbound SA. dropping pak. pak->cryptoflags=0x2000820
Was this working or is it a new l2l setup? if it was working something must have changed in ike configuration, check complete IKE policy configuration and make sure both ends match information , e.g pre-share info isakmp key etc..
The question is , is it the whole tunel down or is it just one connection from source to destination having issues, do you have any other connection ok within the tunnel?
you will have to provide more information as other poster indicated " show crypto ipsec sa", you may need to also debug " debug crypto isakmp ".. but again provide information as to if complete tunel is down or if it is one connection off the tunnel having issues.
only one connection is down.....the tunnel is up......and other pc's are fine....only this on eis having issue.....the strange thing is the ip of this pc is included in intrusting traffic and all other are working excepy this one.....what does this error means can you please tell me
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...