Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
187
Views
0
Helpful
1
Replies

Issue with cisco Site 2 Site VPN..

Avinash_kumar_singh
Level 1
Level 1

‎05-20-2014 05:15 PM

I have configured site 2 site VPN terminating on asa, also we are doing source nat on the same ASA where VPN is getting terminated.

 

When the requester is initiating the traffic, packets are getting decapsulated but not encapsulated. Can you please share your idea's how to fix it.

 

Regards,

Avinash Kumar Singh

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-20-2014 07:05 PM

I'm not sure I'm clearly understanding the issue so let me try to say how I read it.

Your site-site VPN is establishing (Phase 1 IKE and Phase 2 IPsec SAs). Otherwise you would not see encap/decap counters.

So we say you are site A and requester is at site B. His traffic to your networks come through the VPN and is decapsulated. Can you see the replies from your network arriving back at the ASA?

If not, you have an internal routing issue.

If so, then the ASA must be deciding for whatever reason that they should not be encapsulated as "interesting traffic". If that's the case, I suggest using packet-tracer utility on the ASA to see what it tells you about the processing of those incoming return traffic packets.

packet-tracer input [src_int] protocol src_addr src_port dest_addr  dest_port

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents