flow denied error

prashantrecon
Level 1

Drop-reason: (acl-drop) Flow is denied by configured rule error on ASA

When I run the packet tracer I am getting the above error.

Phase 1 is up

But when I execute show crypto ipsec sa

I am not getting any result.

Please suggest

As checked, the access-list and transform set on both sides are matching.

But whenever I access the far end server, Phase 1 is active but I am not able to access it.


frederic_hohn
Level 1

I think the packet-tracer tool generates a real packet, which will need the SA to be established.

Your IPsec tunnel is not established if you don't have an IPsec SA.

What output does the monitor-log bring if you try to establish the tunnel?

Try debugging for more information:

debug crypto ipsec, don't forget the term moni.

The output from both sides should help you to find the mistake in the configuration.
