Cisco Support Community

L2L IPSec VPN- At Wits End

I've got 3 ASA 5505, each with AnyConnect access and IPSec tunnels to the other two.  For some reason I can't get the traffic between two of the subnets.

Boxb LAN (137.x)         -->  Dal LAN (139.x)   =  BAD

Boxb AnyConnect (237.x)  -->  Dal LAN (139.x)   =  Good

Boxb LAN (137.x)         -->  Wal LAN (138.x)   =  Good

Boxb AnyConnect (237.x)  -->  Wal LAN (138.x)   =  Good

Dal LAN (139.x)          -->  Boxb LAN (137.x)  =  BAD

Dal AnyConnect (230.x)   -->  Boxb LAN (137.x)  =  Good

Dal LAN (139.x)          -->  Wal LAN (138.x)   =  Good

Dal AnyConnect (239.x)   -->  Wal LAN (138.x)   =  Good

Everything works fine to/from the Waltham ASA, and if you're connected via AnyConnect connections.  Just the 192.168.137.x to/from 192.168.139.x subnets can't talk. 

I can see the ICMP connections being built and torn down when I ping across those subnets, but no other errors are logged.

I've attached the running configs and outputs of "sh crypto ipsec sa detail" from Dallas and Boxb. Can someone take a look?
