Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

S2S VPN Interesting traffic not comming up

Hello Experts,

We have a Site to site VPN set up to client and a new IP 67.22.X.X is been added over the VPN tunnel recently at both the sides. i do see successfull Phase 2 tunnel up for the 67.22.X.X 

but the encry/encaps are not incrementing over the tunnel if i generate a traffic via Packet-tracer.Unfortunately, i couldnt generate traffic from 67.22.X.X as it is a printer.But client says they do see the traffic Leaving their side tunnel when they try to access Printer(67.22.X.X) but i donot see anything on my side.

Kindly, help me on this.

-ASAVPN201A# packet-tracer input Inside icmp 10.224.128.88 8 0 170.23.X.X

Phase: 1
Type: CAPTURE
Subtype:
Result: ALLOW
Config:
Additional Information:
MAC Access list

Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   0.0.0.0         0.0.0.0         outside

Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside,outside) source static obj-10.224.128.88 obj-67.22.X.X destination static XX_REMOTE XX_REMOTE description
Additional Information:
Static translate 10.224.128.88/0 to 67.22.X.X/0

Phase: 7
Type: VPN
Subtype: encrypt
Result: ALLOW
Config:
Additional Information:

Phase: 8
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 409065573, packet dispatched to next module

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow

-ASAVPN201A#

-ASAVPN201A# sh crypto ipsec sa peer 170.232.X.X | beg 67.22.X.X
      access-list outside_cryptomap_520 extended permit ip host 67.22.X.X host 170.23.X.X
      local ident (addr/mask/prot/port): (67.22.X.X/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (170.23.X.X/255.255.255.255/0/0)
      current_peer: 170.23.X.X

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 67.223.63.1/0, remote crypto endpt.: 170.232.32.14/0
      path mtu 1500, ipsec overhead 74, media mtu 1500
      current outbound spi: DE0F8FBD
      current inbound spi : 3F762BC5

    inbound esp sas:
      spi: 0x3F762BC5 (1064709061)
         transform: esp-aes-256 esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, }
         slot: 0, conn_id: 244334592, crypto-map: outside_map
         sa timing: remaining key lifetime (kB/sec): (3915000/28554)
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001
    outbound esp sas:
      spi: 0xDE0F8FBD (3725561789)
         transform: esp-aes-256 esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, }
         slot: 0, conn_id: 244334592, crypto-map: outside_map
         sa timing: remaining key lifetime (kB/sec): (3915000/28554)
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001

2 REPLIES
New Member

S2S VPN Interesting traffic not comming up

Kindly, advice with your valuable inputs.

New Member

S2S VPN Interesting traffic not comming up

Kindly, advice experts.

90
Views
0
Helpful
2
Replies