ASA VPN Tunnel Phase 8 Subtype encrypt : DROP

Chewbakka1
Level 1

Hi,

I have set up a new VPN tunnel to a remote site, but the tunnel will not come up.

Running packet-tracer shows that the tunnel is failing with:

Phase: 8
Type: VPN
Subtype: encrypt
Result: DROP
Config:
Additional Information:

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop

I have checked that the access-lists (encryption domain) match.

I have checked that the return traffic matches the same NAT rule as for outgoing traffic.

Any ideas what could be the cause for this?

I suspect this could be that the firewall does not have the source network directly connected, and that is why packet tracer cannot source the traffic correctly.
