Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
254
Views
0
Helpful
2
Replies

ASA 5505 Easy VPN Setup allows site B to access site A but not the other way around.

junorefts
Level 1
Level 1

‎03-09-2014 10:10 AM

Hello,

I have two ASA 5505 devices that were working great until our Comcast modem started having problems and Comcast replaced it with a new/different model.  Since then the EasyVPN server at Site A cannot access the network at Site B.  Site B can access site A without any issues.

What would be the best place to start diagnosing this?

Thank you

Labels:
0 Helpful
2 Replies 2

Julio Carvajal
VIP Alumni
VIP Alumni

‎03-09-2014 11:29 AM

Where was the change done?

 

On the side where the Easy VPN lives or on the client side?

 

What mode are you using? NEM?

 

Whenever you send traffic to the other side, do you see the crypto ipsec sa encrypting packets counters increasing? If yes do you see the decryption hits on the other side?

 

Regards,

 

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

junorefts
Level 1
Level 1
In response to Julio Carvajal

‎03-24-2014 09:34 AM

Hello,

my appologies for the late reply.  I have been working through this problem and trying to gather more information.

 

The change was made on the Easy VPN server side.  The client can get in but the devices on the Easy VPN side cannot communicate with the devices behind the client side.

 

NEM is not implemented.

 

How can I check these packets?

 

Thanks!

0 Helpful
Customers Also Viewed These Support Documents