10-31-2014 05:51 AM - edited 03-07-2019 09:19 PM
Hi,
We have an IPsec tunnel configured on Cisco routers at both sites. This link is used to access internal tools between the two sites. Two days ago, SiteB became unable to access internal tools via HTTPS. Please note that ssh, ping, and traceroute are working fine. SiteA has no problem accessing anything from SiteB.
Here's the config:
SiteA:
interface Tunnel8601
 description ipsec-vti to cnshaccent-gw-3
 ip address 10.255.255.105 255.255.255.252
 ip summary-address eigrp 89 10.65.0.0 255.255.224.0 5
 tunnel source 115.115.6.141
 tunnel destination 115.115.10.41
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile ipsec-vti
router eigrp 89
 redistribute static
 network 10.0.0.0 0.0.0.3
 network 10.65.20.0 0.0.0.255
 network 10.65.21.0 0.0.0.255
 network 10.255.255.104 0.0.0.3
ip route 10.65.21.0 255.255.255.0 10.65.20.1
ip route 10.65.22.0 255.255.255.0 10.65.20.1
ip route 10.65.25.0 255.255.255.0 10.65.20.1
ip route 10.65.26.0 255.255.255.0 10.65.20.1
ip route 10.65.27.0 255.255.255.0 10.65.20.1
ip route 10.65.30.0 255.255.255.0 10.65.20.1
ip route 10.65.31.0 255.255.255.0 10.65.20.1
SiteB:
interface Tunnel65
 description ipsec-vti to sgsineqnix-gw-2
 ip address 10.255.255.106 255.255.255.252
 ip summary-address eigrp 89 10.86.0.0 255.255.224.0 5
 tunnel source 115.115.10.41
 tunnel destination 115.115.6.141
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile ipsec-vti
router eigrp 89
 redistribute static
 network 10.255.255.104 0.0.0.3
 no auto-summary
ip route 10.86.0.0 255.255.255.0 10.86.11.254
ip route 10.86.9.0 255.255.255.0 10.86.11.254
ip route 10.86.12.0 255.255.255.0 10.86.11.254
ip route 10.86.13.0 255.255.255.0 10.86.11.254
ip route 10.86.14.0 255.255.255.0 10.86.11.254
ip route 10.86.20.0 255.255.255.0 10.86.11.254
I also have a firewall on both ends. SiteA is using Juniper SSG and SiteB is using Fortinet firewall.
Someone told me it can be an asymmetric routing issue. Can you please advise?
Need your help to resolve this issue.
10-31-2014 10:13 AM
If it were an asymmetric routing issue, the problem wouldn't likely be related to HTTPS alone.
It sounds more like an MTU problem. Just as a test, try setting "ip mtu 1400" and "ip tcp adjust-mss 1360" on both of your tunnel interfaces and see if that clears things up.
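Added example (not part of the original posts): a calculation of why a full-size packet no longer fits once it is wrapped in ESP tunnel mode, and how the suggested 1360 MSS follows from the 1400 IP MTU. The thread does not show the contents of the ipsec-vti profile, so AES-CBC with HMAC-SHA1-96 and a 1500-byte path MTU are assumed here, and the function names are hypothetical.

```python
# Added illustration; header sizes assume AES-CBC + HMAC-SHA1-96,
# which is an assumption (the thread does not show the transform set).
OUTER_IP = 20      # new IPv4 header added by tunnel mode
ESP_HDR = 8        # SPI (4) + sequence number (4)
NAT_T_UDP = 8      # UDP encapsulation header, only when NAT-T is in use
TCP_IP_HDRS = 40   # IPv4 (20) + TCP (20), no options


def esp_packet_size(inner_len, block=16, iv=16, icv=12, nat_t=False):
    """On-the-wire size of one ESP tunnel-mode packet carrying inner_len bytes."""
    # The ESP trailer adds a pad-length byte and a next-header byte,
    # then the plaintext is padded up to the cipher block size.
    padded = -(-(inner_len + 2) // block) * block
    return OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HDR + iv + padded + icv


def max_inner(path_mtu, block=16, iv=16, icv=12, nat_t=False):
    """Largest inner IP packet that still fits in path_mtu after encapsulation."""
    fixed = OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HDR + iv + icv
    room = (path_mtu - fixed) // block * block  # whole cipher blocks available
    return room - 2                             # minus the two trailer bytes


def mss_for(ip_mtu):
    """TCP MSS that keeps every segment within ip_mtu (IPv4, no options)."""
    return ip_mtu - TCP_IP_HDRS


if __name__ == "__main__":
    path_mtu = 1500  # assumed MTU of the path between the two tunnel endpoints
    for inner in (1500, max_inner(path_mtu), 1400):
        size = esp_packet_size(inner)
        verdict = "fits" if size <= path_mtu else "too big: fragmented or dropped"
        print(f"inner {inner:4d} -> ESP {size:4d}  {verdict}")
    print("largest inner packet with NAT-T:", max_inner(path_mtu, nat_t=True))
    print("MSS matching 'ip mtu 1400':", mss_for(1400))
```

Small packets such as ping and interactive ssh stay well under these limits, while full-size TCP segments do not, which is consistent with only the bulkier HTTPS exchanges failing.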
10-31-2014 11:22 AM
Hi Jody,
Thanks for your help. It is working fine now.
Cheers,
Jen Forbes