Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA site to site VPN

Site-to-site VPN won't come up.

I see the message below in the logs.

%ASA-6-110002: Failed to locate egress interface for "protocol" from inside:"IP" to "IP"
 

3 REPLIES
Cisco Employee

Hi, please share outputs of

Hi,

 

please share outputs of debug cry isa 128 or debug cry ikev1 128.

 

Please use this command before using the debugs

debug cry condition peer <IP>

 

Also share the configuration of both ends.

New Member

Figured out the problem.There

Figured out the problem.

There was a router performing NATing that prevented the phase 1 to come up. I did trace it, i just checked the configuration of the router.

What is the process to trace these type of problems?

How are the packets encapsulated/decapsulated?

Hi,Did you check the ASA

Hi,

Did you check the ASA routing table? it seems like the ASA does not know which exit interface it would use to reach that destination.

Regards,

Aref

85
Views
0
Helpful
3
Replies