01-16-2012 11:31 PM - edited 02-21-2020 05:49 PM
Soho office:
Site a, ASA 5505
10.29.0.xx/24
Main office:
Site b, ASA 5540
10.75.0.xx/24
Tunnel establishes - phase one and two look good. Packet tracer completes successfully from both sides. A client at the soho site can send pings to 10.75.0.xx but receives no response. I can see the build and teardown on the firewall at the soho side, but I'm not getting a response. When I kill the tunnel, sending a ping will reestablish it from the soho side.
From the main office side, pings sent to 10.29.0.xx return: "TTL Expired in Transit". A traceroute shows the packet looping in the firewall. The ACLs look good, the crypto maps look good, and there are no explicit routes pointing elsewhere. If I drop the tunnel, sending pings from the main office side will not rebuild the tunnel.
Any idea what I'm missing here or what direction to head next?
-JP
01-17-2012 09:34 AM
Post configs for review
01-17-2012 09:52 AM
RESOLVED
The issue was, in fact, a routing loop.
The routes applied on the central office side pointed ALL internal traffic back towards the interior network. An explicit route pointing 10.29.xx.xx traffic out resolved the issue.
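The check below is an added example, not part of the original thread or the poster's configuration. It applies longest-prefix matching to a constructed main-office route table and flags VPN remote networks whose best route leaves by an interface other than the one carrying the crypto map. The 10.0.0.0/8 summary route and the interface names `inside` and `outside` are assumptions; the post does not show the actual routes.

```python
import ipaddress

# Constructed main-office route table (not from the post): (prefix, egress interface).
# The 10.0.0.0/8 summary stands in for "ALL internal traffic points back inside".
ROUTES_BEFORE = [
    ("0.0.0.0/0", "outside"),
    ("10.0.0.0/8", "inside"),
]
# Same table plus an explicit route sending the SOHO subnet out, as in the fix.
ROUTES_AFTER = ROUTES_BEFORE + [("10.29.0.0/24", "outside")]


def best_route(routes, destination):
    """Longest-prefix match: return (network, interface), or None if nothing matches."""
    dest = ipaddress.ip_network(destination)
    matches = []
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dest.subnet_of(net):
            matches.append((net, iface))
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)


def shadowed_vpn_peers(routes, remote_networks, crypto_interface):
    """Return remote VPN networks whose best route misses the crypto-map interface."""
    problems = []
    for remote in remote_networks:
        hit = best_route(routes, remote)
        if hit is None:
            problems.append((remote, None))
        elif hit[1] != crypto_interface:
            # Traffic never reaches the crypto map, so it is neither encrypted
            # nor able to bring the tunnel up from this side.
            problems.append((remote, (str(hit[0]), hit[1])))
    return problems


if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(label, shadowed_vpn_peers(table, ["10.29.0.0/24"], "outside"))
```
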
10-21-2013 11:15 AM
What exactly did you do to resolve the problem? I'm also getting this error message. I used route-map and set ip default next-hop. Appreciate your soonest response.