12-09-2019 10:02 AM - edited 02-21-2020 09:45 AM
Hi,
I have set up a new VPN tunnel to a remote site, but the tunnel will not come up.
Running packet-tracer shows that the tunnel is failing with:
Phase: 8
Type: VPN
Subtype: encrypt
Result: DROP
Config:
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
I have checked that the access-lists (encryption domain) match.
I have checked that the return traffic matches the same NAT rule as the outgoing traffic.
Any ideas what could be the cause for this?
I suspect this could be that the firewall does not have the source network directly connected, and that is why packet tracer cannot source the traffic correctly.