03-14-2013 01:01 PM - edited 02-21-2020 06:45 PM
Hi all,
We are setting up a Site-To-Site VPN Tunnel and we recently set up hairpinning to get the traffic from outside users through the tunnel. We are now able to ping servers over there, but using anything BUT ping doesn't work. We have the rules currently allowing any traffic to the other site, so I'm not certain why it's getting blocked.
We did have an issue with one of the inspection policies before, and it was blocking everything over there to the datacenter, even ping. Once we disabled the one used for netflow data it worked, so I'm thinking it may be related. Any thoughts?
03-14-2013 01:21 PM
To add more of a description to it, we get the following when we run a packet trace
Source: IP in the VPN Range
Destination: IP in the Remote Site Range
Port: HTTPS for testing
Interface: Outside
Failure
WEBVPN-SVC Action Drop
Info:
(acl-drop) Flow is denied by configured rule
03-14-2013 02:06 PM
Dear Greg,
Please collect the following outputs:
Before a connection attempt:
logging buffered debugging
logging buffer-size 1048576
clear logging buffer
!
capture drop type asp-drop all
After a connection attempt:
show log | inc AnyConnect_Client_IP
show capture drop | inc AnyConnect_Client_IP
HTH.
Portu.