I'll start off by stating that I am just getting back into Cisco, so I'm not entirely up to speed with how things are supposed to work. Along with that, I have just taken over a network where the previous administrator kept 0 documentation.
On an ASA, is there anything that an access-group on an interface would do that a crypto ACL wouldn't?
My situation is that I'm trying to get this Spoke-to-Spoke configured; however, it seems to be failing at the VPN ipsec-tunnel-flow phase per the packet-tracer output. Any information, suggestions, or tips would be greatly appreciated.
Attached is the output that I am currently looking at. Please let me know if you require additional information.
Attached is a packet trace initiated on the HUB ASA using interface HUB-PUB (instead of SiteA_PTP interface) to simulate traffic from SiteA to Site C in order to bring up the tunnel. Below that is the crypto ipsec output. There is no traffic being encrypted because it's searching for input from HUB-PUB instead of SiteA_PTP.
When attempting the packet-trace through SiteA_PTP (after the tunnel is up) there is still no traffic. Additionally, attempting a ping from SiteA server to SiteC Client continues to fail.
Any thoughts or what I should check next?
***EDIT*** After getting the tunnel up and attempting the packet trace from SiteA IP to SiteC on the SiteA ASA, it is now going through successfully. Odd thing is that the tunnel is showing as down on the HUB and the SiteA server still cannot ping the SiteC client.