Cisco Support Community

Tunnel up but not passing traffic

I have a site to site tunnel between two 5520 ASAs. Tunnel is up but when I try to talk to the other side, the implicit deny on the inside interface of the local ASA blocks the traffic. When I ping, the tunnel comes up but in the logs it says it is blocking icmp from inside to outside. I have tried the sysopt connection permit-vpn but it is not working. The traffic is from 5 specific machines within the local subnet that I put in a network object group called Celerra_Replication. I want them to be able to talk to 5 machines on the far end of the tunnel in a separate subnet. They are in a network object group called GP_Celerra_Replication. The ACLs I created for this appear to be created correctly allowing IP from Celerra_replication to GP_Celerra_Replication and the opposite on the other side. Any ideas?


Tunnel up but not passing traffic

What does your ACL statement look like for defining access from your Celerra_Replication network, to your GP_Celerra_Replication network?

Also, do you reference that ACL in your crypto map?

A sanitized config may help me help you.

