Cisco Support Community

ASA Dropping Traffic

I am trying without success to allow traffic through a VPN that terminates on my ASA firewall. It is a site-to-site VPN with the distant end being a Juniper Netscreen. It is a working tunnel and I am trying to add access to a specific pair of hosts to and from a specific subnet. When I use the packet tracer tool in ASDM it reports that the flow is not allowed because of "(acl-drop) Flow is denied by configured rule." This happens in the VPN section of the packet tracer display.

The flow I was tracing was from port 49 (on the inside) to also on port 49 (on the outside).

My cryptomap acl includes the following line:

access-list outside_cryptomap_20 line 1 extended permit ip host (hitcnt=330) 0x46d3dd4b

However the ASA syslog is filling up with entries like:

3    Dec 27 2009    08:03:55    713042             IKE Initiator unable to find policy: Intf outside, Src:, Dst:

The help for this message says to check my L2L policies. The cryptomap ACL would seem to be the relevant policy.

What am I doing wrong?
