NAT rule is denying traffic through S2S vpn tunnel on 5510 (8.02)

htacisocnet
Level 1

I swapped out our PIX with an ASA 5510 v8.02 and one of the tunnels won't allow traffic through. The dynamic NAT rule shows up as the culprit in packet tracer. Our traffic has to be NATed to get to their site DMZ servers. Not sure what I missed in the conversion from PIX to ASA.

3 Replies

a.alekseev
Level 7

I think you missed "sysopt connection permit-vpn"

That was missing. So I issued the command but it didn't change anything. I also see the following error for traffic that should be allowed through the tunnel:

Sep 10 2007 08:45:09 106001 192.168.72.102 Stibo_HTQuark Inbound TCP connection denied from 192.168.72.102/2898 to Stibo_HTQuark/11207 flags SYN on interface Inside

Found the problem. It was in the ACL used for Group Policy on the Tunnel Group.