Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1384
Views
0
Helpful
3
Replies

S2S IPSec VPN - can ping but no HTTP

rkler
Level 1
Level 1

‎05-12-2014 08:51 AM - edited ‎02-21-2020 07:38 PM

i have a site to site VPN tunnel setup and the tunnel is up. I can successfully ping through the tunnel from device to device but when i try to pull up a HTTP page off a web server on one side of the tunnel, it fails.

the ACLs are set to allow any IP traffic..

ASA on one side is v8.3 and the other side its 9.1

Anyone run into this before??

Labels:
0 Helpful
3 Replies 3

Poonam Garg
Level 3
Level 3

‎05-12-2014 10:36 AM

Can you send the output of sh crypto ipsec sa on both the side..

 Also check if there is any vpn-filter is applied under group-policy on any of the ASA.

0 Helpful

rkler
Level 1
Level 1
In response to Poonam Garg

‎05-14-2014 06:01 AM

Thanks for the responses. I found out the issue was with a ScanSafe configuration and i had to add my HTTP site as part of the whitelist..

0 Helpful

David_Che
Level 1
Level 1

‎05-13-2014 07:38 PM

In general, ping work and other traffic no work is due to packet size > path mtu.

you can try to lower host MTU or MSS slamping or disable pmtu totally on host.

0 Helpful
Customers Also Viewed These Support Documents