Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Issue with cisco Site 2 Site VPN..

I have configured site 2 site VPN terminating on asa, also we are doing source nat on the same ASA where VPN is getting terminated.

 

When the requester is initiating the traffic, packets are getting decapsulated but not encapsulated. Can you please share your idea's how to fix it.

 

Regards,

Avinash Kumar Singh

1 REPLY
Hall of Fame Super Silver

I'm not sure I'm clearly

I'm not sure I'm clearly understanding the issue so let me try to say how I read it.

Your site-site VPN is establishing (Phase 1 IKE and Phase 2 IPsec SAs). Otherwise you would not see encap/decap counters.

So we say you are site A and requester is at site B. His traffic to your networks come through the VPN and is decapsulated. Can you see the replies from your network arriving back at the ASA?

If not, you have an internal routing issue.

If so, then the ASA must be deciding for whatever reason that they should not be encapsulated as "interesting traffic". If that's the case, I suggest using packet-tracer utility on the ASA to see what it tells you about the processing of those incoming return traffic packets.

packet-tracer input [src_int] protocol src_addr src_port dest_addr  dest_port

 

22
Views
0
Helpful
1
Replies
CreatePlease to create content