from 126.96.36.199 to 188.8.131.52 the byte count is 0 here (usually it is increasing),
and from 184.108.40.206 to 220.127.116.11 it is an increasing value (when I ping, or try to connect via SSH, for example).
On the Cisco ASA, in the Site-to-Site status section, I see:
Bytes TX = 0, and it is not increasing (usually it is an increasing number)
Bytes RX = increasing number
And when I try to access some IP from 192.168.151.0/24 or from 10.1.1.0/24 via HTTP or SSH, etc., I see in the ASA logs something like this: deny tcp (no connection) from ... flags ack
But at the same time pings are sent from both sides (they just get very high values).
Phase 1 and Phase 2 are established fine.
And the strangest thing is that the issue comes periodically: for example, it didn't work all day yesterday, but today everything has been working just fine for some time (I didn't even reboot or change the configuration on the devices).
I would probably need to see some logs of your connection attempts (Built/Teardown). It would also be good to see the whole log message that you mention.
The log message you mention is usually the result of a situation where a connection that was formed through the ASA was already removed, either by the ASA or by the client/server pair, and one of the hosts still tries to send data with the same source/destination port.
Sometimes it's the result of asymmetric routing, where the ASA only sees one direction of the connection attempt, for example, and therefore blocks it.
In the above case it just seems to me that the ASA does not have an existing TCP connection to which that incoming packet belongs, and therefore blocks it.
You seem to have the latest software version of the 8.2 series, though if that's the full version number then you don't seem to have the later releases that fix existing bugs.
We used to have a VPN-related bug on 2 different VPN devices when they were running 8.2(1). The problem was that the ASA stopped encrypting traffic. In other words, you would stop seeing transmitted (Tx) traffic on the VPN connection. This could usually be corrected with a reboot or by changing the active firewall in a failover pair.
I am not sure if the software level you mention has the bug. I think we updated the other one to 8.2(5) after the problem and it has not appeared again.
When the problem situation is on, you could try the "packet-tracer" command on the ASA to simulate traffic going to the VPN and see if the packet tracer even goes through (it does not generate actual traffic on the connection).
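The two checks the answer above points at (does the tunnel's Tx/encaps counter stay flat while Rx/decaps keeps growing, and are the "Deny TCP (no connection)" messages for hosts inside that tunnel's encryption domain) can be scripted from two `show crypto ipsec sa` snapshots and a slice of ASA syslog. This is an added example, not code from the thread or from Cisco: the snapshot text and syslog lines below are constructed samples with placeholder addresses (the `#pkts encaps`/`#pkts decaps` field names and the 106015 message wording are the ASA's real ones), and the function names are my own.

```python
"""Triage helpers for the "Tx stuck at zero / Deny TCP (no connection)" symptom.

Added example, not part of the original thread. Parses two snapshots of
`show crypto ipsec sa` (real ASA field names, constructed values) and a few
constructed ASA syslog lines, and reports tunnels that receive but do not
encrypt, plus the stateless denies that involve those tunnels' networks.
"""
import ipaddress
import re
from collections import Counter

# --- Constructed sample data (hypothetical addresses and counters) -------
SNAPSHOT_BEFORE = """\
interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 203.0.113.1

      local ident (addr/mask/prot/port): (192.168.151.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
      current_peer: 198.51.100.1

      #pkts encaps: 1000, #pkts encrypt: 1000, #pkts digest: 1000
      #pkts decaps: 5000, #pkts decrypt: 5000, #pkts verify: 5000
"""

SNAPSHOT_AFTER = """\
interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 203.0.113.1

      local ident (addr/mask/prot/port): (192.168.151.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
      current_peer: 198.51.100.1

      #pkts encaps: 1000, #pkts encrypt: 1000, #pkts digest: 1000
      #pkts decaps: 5400, #pkts decrypt: 5400, #pkts verify: 5400
"""

SAMPLE_LOGS = [
    "%ASA-6-106015: Deny TCP (no connection) from 10.1.1.5/43210 to 192.168.151.10/22 flags ACK on interface outside",
    "%ASA-6-106015: Deny TCP (no connection) from 10.1.1.5/43211 to 192.168.151.10/80 flags ACK on interface outside",
    "%ASA-6-302013: Built inbound TCP connection 12345 for outside:10.1.1.5/43212 (10.1.1.5/43212) to inside:192.168.151.10/22 (192.168.151.10/22)",
]

IDENT_RE = re.compile(r"(local|remote) ident \(addr/mask/prot/port\): \(([\d.]+)/([\d.]+)/")
ENCAPS_RE = re.compile(r"#pkts encaps: (\d+)")
DECAPS_RE = re.compile(r"#pkts decaps: (\d+)")
DENY_RE = re.compile(r"Deny TCP \(no connection\) from ([\d.]+)/\d+ to ([\d.]+)/\d+ flags (\w+)")


def parse_ipsec_sa(text):
    """Map (local_net, remote_net) -> {'encaps': n, 'decaps': n} for each SA block."""
    sas, idents, current = {}, {}, None
    for line in text.splitlines():
        m = IDENT_RE.search(line)
        if m:
            idents[m.group(1)] = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            if "local" in idents and "remote" in idents:
                current = (idents["local"], idents["remote"])
                sas[current] = {"encaps": 0, "decaps": 0}
                idents = {}
            continue
        for key, rx in (("encaps", ENCAPS_RE), ("decaps", DECAPS_RE)):
            m = rx.search(line)
            if m and current is not None:
                sas[current][key] = int(m.group(1))
    return sas


def classify_tunnels(before, after):
    """A tunnel whose decaps grows while encaps does not is receiving from the
    peer but encrypting nothing back: the Tx=0 symptom from the question."""
    result = {}
    for key, new in after.items():
        old = before.get(key, {"encaps": 0, "decaps": 0})
        tx, rx = new["encaps"] - old["encaps"], new["decaps"] - old["decaps"]
        status = "tx-stuck" if tx == 0 and rx > 0 else "idle" if tx == 0 and rx == 0 else "ok"
        result[(str(key[0]), str(key[1]))] = {"tx_delta": tx, "rx_delta": rx, "status": status}
    return result


def no_connection_denies(lines, tunnels):
    """Count 106015 denies whose src and dst both sit inside a tunnel's
    encryption domain, i.e. far-side return traffic hitting the ASA with no state."""
    nets = [ipaddress.ip_network(n) for pair in tunnels for n in pair]
    counts = Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue
        src, dst = ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))
        if any(src in n for n in nets) and any(dst in n for n in nets):
            counts[(m.group(1), m.group(2), m.group(3))] += 1
    return counts


def triage(before_text, after_text, log_lines):
    """Return (per-tunnel status, denies touching the tunnels flagged tx-stuck)."""
    tunnels = classify_tunnels(parse_ipsec_sa(before_text), parse_ipsec_sa(after_text))
    stuck = [k for k, v in tunnels.items() if v["status"] == "tx-stuck"]
    return tunnels, no_connection_denies(log_lines, stuck)


if __name__ == "__main__":
    tunnels, denies = triage(SNAPSHOT_BEFORE, SNAPSHOT_AFTER, SAMPLE_LOGS)
    for key, v in tunnels.items():
        print(f"{key[0]} <-> {key[1]}: {v['status']} (tx +{v['tx_delta']}, rx +{v['rx_delta']})")
    for (src, dst, flags), n in denies.items():
        print(f"  {n} x 'no connection' deny {src} -> {dst} flags {flags}")
```

Run it against two real snapshots taken a minute or two apart while the problem is on; an `idle` tunnel only means nothing tried to use it in that window, whereas `tx-stuck` with a growing list of ACK-only denies from the far subnet matches the behaviour the answer attributes to the ASA no longer encrypting.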