10-25-2014 10:24 AM
Site-to-site VPN won't come up.
I see the message below in the logs.
%ASA-6-110002: Failed to locate egress interface for "protocol" from inside:"IP" to "IP"
10-31-2014 02:07 PM
Hi,
please share outputs of debug cry isa 128 or debug cry ikev1 128.
Please use this command before using the debugs
debug cry condition peer <IP>
Also share the configuration of both ends.
10-31-2014 04:01 PM
Figured out the problem.
There was a router performing NATing that prevented the phase 1 to come up. I did trace it, i just checked the configuration of the router.
What is the process to trace these type of problems?
How are the packets encapsulated/decapsulated?
10-31-2014 02:57 PM
Did you check the ASA routing table? it seems like the ASA does not know which exit interface it would use to reach that destination.
Regards,
Aref
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
