1194 Views, 4 Helpful, 15 Replies

IPsec VPN IKEv1 - some remote subnets are not able to reach HQ server

AirSail
Level 1

Hello ASA Gurus, 

Running into a crazy issue here. We have a VPN concentrator (ASA5516), used as a concentrator for more than 100 remote sites (3rd-party companies that want access to a specific app).

Recently we noticed an issue. To explain it correctly, here is an example:

remote site X (remote subnets A, B, C) |Meraki Firewall|---<IPSEC VPN IKEV1>--->|ASA5516| local host (Z)

Phase 1 and phase 2 are OK. The customer is able to reach Z from subnets A and C, but he recently noticed that subnet B isn't able to reach host Z anymore.

No changes have been made. The main concern is that this behavior is now affecting other VPNs.

Can someone suggest a diagnostic approach here? I checked #show cryp ipsec sa peer <remote peer> from the ASA5516, and I can see different SAs for subnets A and C with encry/decry increments, except for B.

NOTE: host Z can reach out to all subnets, A/B/C, which is weird.

Waiting for your feedback, folks.

 

15 Replies

GOOOOODD JOOOOBB Friend 
and have a very nice day