
Site-to-site VPN between two ASAs, one does not encrypt traffic

network_user
Level 1

Hello,

I have a site-to-site VPN established between two ASA firewalls. It had been working fine for a while; however, the VPN was brought down due to some other outage in the network. Now the VPN comes back up (both phases established), but I do NOT see "encaps", "encrypts" on one ASA. That means one of the ASAs is not encrypting traffic, and so it gets dropped. I don't even see any hits on the crypto ACL of this ASA.

I have made sure that the inside traffic is not NATed and I have a route to the remote network through the interface where crypto is applied.

Does anyone have any suggestions for how to debug/resolve this issue?

Thank you!


andrew.prince
Level 10

Check that your ASA is actually receiving the traffic to encrypt/send.

Sent from Cisco Technical Support iPad App

Marvin Rhoads
Hall of Fame

Is the crypto map access-list being called by the tunnel in question at the errant end?
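
The symptom described in this thread (SAs up, but zero "encaps" on one ASA) can be picked out of saved `show crypto ipsec sa` output with a short script. This is an added example, not part of the thread or Cisco's tooling: the sample output is constructed and abbreviated, the names `parse_sas` and `classify` are hypothetical, and it goes slightly beyond the thread by also labelling transmit-only and idle SAs.

```python
import re

# Constructed, abbreviated sample in the layout of ASA `show crypto ipsec sa`.
SAMPLE = """\
interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 203.0.113.1
      access-list vpn_acl extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
      remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
      current_peer: 198.51.100.2
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 120, #pkts decrypt: 120, #pkts verify: 120
    Crypto map tag: outside_map, seq num: 20, local addr: 203.0.113.1
      access-list vpn_acl2 extended permit ip 10.1.1.0 255.255.255.0 10.3.3.0 255.255.255.0
      remote ident (addr/mask/prot/port): (10.3.3.0/255.255.255.0/0/0)
      current_peer: 198.51.100.9
      #pkts encaps: 45, #pkts encrypt: 45, #pkts digest: 45
      #pkts decaps: 44, #pkts decrypt: 44, #pkts verify: 44
"""

FIELDS = {
    "acl": re.compile(r"^\s*access-list (\S+)"),
    "remote": re.compile(r"remote ident .*?: \(([^)]+)\)"),
    "peer": re.compile(r"current_peer: (\S+)"),
    "encaps": re.compile(r"#pkts encaps: (\d+)"),
    "decaps": re.compile(r"#pkts decaps: (\d+)"),
}

def parse_sas(text):
    # One dict per SA; a new SA starts at each "Crypto map tag" line.
    sas, cur = [], None
    for line in text.splitlines():
        m = re.search(r"Crypto map tag: ([^,]+), seq num: (\d+)", line)
        if m:
            cur = {"map": m.group(1), "seq": int(m.group(2))}
            sas.append(cur)
        elif cur is not None:
            for name, rx in FIELDS.items():
                m = rx.search(line)
                if m:
                    cur[name] = int(m.group(1)) if name.endswith("caps") else m.group(1)
    return sas

def classify(sa):
    """rx-only = this end decrypts but never encrypts (the case in the thread)."""
    enc, dec = sa.get("encaps", 0), sa.get("decaps", 0)
    if enc and dec:
        return "ok"
    return "rx-only" if dec else "tx-only" if enc else "idle"

for sa in parse_sas(SAMPLE):
    print(sa["peer"], sa["acl"], classify(sa))
```

An `rx-only` result names the ACL and crypto map entry to compare against the interesting traffic, which is the check both replies point toward.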
