IPsec VPN some subnet unable to access to MY

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-08-2019 02:02 AM - edited 09-08-2019 05:20 AM
Hi All,
We have build tunnel to HQ and branch, only some segment on HQ is unable to access application at branch office, but ping is able to ping.
ASA model & version : 5516-X & 9.12(2)
When HQ access to branch our asa get below message.
the asa discarded a tcp packet that has no associated connection in the asa connection table.
Deny TCP (no connection) from 10.251.72.224/53212 to 10.97.108.21/1521 flags RST-ACK on interface outside.
- Labels:
-
Firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-08-2019 03:25 AM

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-08-2019 05:22 AM
Hi Sorry,
Just added in attach file , 153.139.225.121 is to HQ VPN which from HQ remote lan only 10.251.72.xx/23 unable to access to our LAN network current ASA config.
Please advise.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2019 08:29 AM
Hi Dennis,
I add in the config file , please advise
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-10-2019 01:00 AM
Can you run the packet tracer (with Detail key word) command from both end and share the output.
HTH

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-10-2019 01:36 AM
Hi ,
As attached file,
10.251.72.xx is remote site IP
10.97.108.xx is our local IP.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-10-2019 03:01 AM
The packet tracer from remote site syntax is fine?
input is OUTSIDE
packet-tracer input outside tcp 10.251.72.22 1521
I would say that it should be inside
HTH
