ASA Dropping Traffic

I am trying without success to allow traffic through a VPN that terminates on my ASA firewall. It is a site-to-site VPN with the distant end being a Juniper Netscreen. It is a working tunnel and I am trying to add access to a specific pair of hosts to and from a specific subnet. When I use the packet tracer tool in ASDM it reports that the flow is not allowed because of "(acl-drop) Flow is denied by configured rule." This happens in the VPN section of the packet tracer display.

The flow I was tracing was from 172.17.25.14 port 49 (on the inside) to 10.10.50.253 also on port 49 (on the outside).

My crypto map ACL includes the following line:

access-list outside_cryptomap_20 line 1 extended permit ip host 172.17.25.14 10.10.48.0 255.255.252.0 (hitcnt=330) 0x46d3dd4b

However the ASA syslog is filling up with entries like:

3    Dec 27 2009    08:03:55    713042             IKE Initiator unable to find policy: Intf outside, Src: 172.17.25.14, Dst: 10.10.50.253

The help for this message says to check my L2L policies. The cryptomap ACL would seem to be the relevant policy.

What am I doing wrong?

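Added example, not code from the original thread: a small Python check that parses the crypto map ACE and the 713042 syslog line quoted above and reports which ACEs (if any) contain the logged Src/Dst pair, i.e. whether the flow falls inside a proxy identity the ASA can negotiate. Function and variable names are my own; the ACL and log text are the lines from the question, embedded as constructed sample input.

```python
import ipaddress
import re

# Constructed sample input: the crypto map ACE and the 713042 syslog line quoted in the question.
CRYPTO_ACL = """
access-list outside_cryptomap_20 line 1 extended permit ip host 172.17.25.14 10.10.48.0 255.255.252.0 (hitcnt=330) 0x46d3dd4b
"""
SYSLOG = """
3    Dec 27 2009    08:03:55    713042             IKE Initiator unable to find policy: Intf outside, Src: 172.17.25.14, Dst: 10.10.50.253
"""

MSG_713042 = re.compile(
    r"713042\s+IKE Initiator unable to find policy: Intf (\S+), Src: (\S+), Dst: (\S+)")


def _endpoint(tokens):
    """Consume one ASA address spec ('any', 'host A.B.C.D' or 'NET MASK'); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def parse_crypto_acl(text):
    """Return (acl_name, protocol, src_net, dst_net) for each 'permit' ACE in 'show access-list' output."""
    aces = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "access-list" or "permit" not in tokens:
            continue
        i = tokens.index("permit")
        src, rest = _endpoint(tokens[i + 2:])
        dst, _ = _endpoint(rest)  # port qualifiers, hitcnt and the ACE hash are ignored
        aces.append((tokens[1], tokens[i + 1], src, dst))
    return aces


def parse_713042(text):
    """Return (interface, src, dst) for each 'IKE Initiator unable to find policy' message."""
    return [m.groups() for m in (MSG_713042.search(l) for l in text.splitlines()) if m]


def covering_aces(aces, src, dst):
    """ACEs whose source and destination networks both contain the logged endpoints."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [a for a in aces if s in a[2] and d in a[3]]


def check(acl_text, syslog_text):
    """Map each logged (src, dst) pair to the crypto ACEs covering it; an empty list means
    the flow lies outside every proxy identity defined by this ACL."""
    aces = parse_crypto_acl(acl_text)
    return {(src, dst): covering_aces(aces, src, dst) for _, src, dst in parse_713042(syslog_text)}
```

For the two lines in the question the check returns the single ACE (10.10.50.253 is inside 10.10.48.0/22), so this crypto ACL does cover the flow; a 713042 whose Src/Dst is covered by an ACE points the investigation at the other L2L policy elements rather than at the ACL entry itself.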