Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
175
Views
0
Helpful
0
Replies

Flow is denied by configured rule, but only from time to time

srdjankatic
Level 1
Level 1

‎04-08-2015 05:06 AM

Hi,

 

I have very strange issue. I have internal network coming from non-cisco router (no ACLs there) into LAN where CISCO ASA5515-X has Inside interface in.

ASA also terminates 10+ remote VPN L2L tunnels on Outside int. From time to time I cannot access some of the remote networks over VPN tunnel from internal network . It does not work for days and then it start working normally, after few days some other network has same issue and so on...

I was suspecting on non-cisco router all the time but it turned out that ASA is the one that blocks traffic. When I do packet trace VPN ENCRYPT phase drops packet saying that Flow is denied by configured rule which is absurd since it was working fine 10 minutes before that. I went through all access lists on ASA but nothing seems suspicious, more over the fact it is working from time to time is also weird.

Do you have any idea what it could be?

I could post config and network map but it is big and complex so maybe to start from some idea what to look at..

Thank You,

Srdjan

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents