I have a strange problem with a VPN filter that I have on my L2L IPsec tunnel on an ASA.
access-list MY_VPN_Filter extended permit tcp host 188.8.131.52 eq 1414 host 184.108.40.206
access-list MY_VPN_Filter extended permit tcp host 220.127.116.11 eq 1414 host 18.104.22.168
works: access-list MY_VPN_Filter extended permit tcp host 22.214.171.124 eq 1416 host 126.96.36.199
works: access-list MY_VPN_Filter extended permit tcp host 188.8.131.52 eq 1416 host 184.108.40.206
When our hosts 220.127.116.11 and 18.104.22.168 initiate traffic, the traffic goes to destination port 1416, and it works.
When the remote host 22.214.171.124 initiates traffic, it comes to port 1414, and it does not work.
I don't know what is causing the issue in the VPN port filter ACL.
I also tried it this way, but it didn't help.
access-list MY_VPN_Filter extended permit tcp host 126.96.36.199 host 188.8.131.52 eq 1414
access-list MY_VPN_Filter extended permit tcp host 184.108.40.206 host 220.127.116.11 eq 1414
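The post above turns on how the ASA reads a vpn-filter ACL. The following is an added example, not code from the original thread or from Cisco: a small Python model of vpn-filter evaluation that parses the "host A [eq P] host B [eq P]" entries quoted in the post and checks the two flows described (local hosts initiating to remote port 1416; the remote host initiating to local port 1414). It assumes the semantics Cisco documents for vpn-filter: the ACL is written in remote-to-local orientation, decrypted inbound traffic is evaluated as-is, and traffic about to be encrypted (outbound) is evaluated with source and destination swapped, with an implicit deny at the end. The model ignores stateful inspection, object-groups, subnets, ranges and "any"; it uses the first remote/local address pair quoted in the post, and the ephemeral source ports and the CANDIDATE_ACL entry are constructed for this example.

```python
import re
from typing import List, NamedTuple, Optional

# Only the "host A [eq P] host B [eq P]" form used in the post is parsed here;
# object-groups, subnets, ranges and "any" are out of scope for this model.
ACE_RE = re.compile(
    r"access-list\s+(?P<name>\S+)\s+extended\s+(?P<action>permit|deny)\s+(?P<proto>\S+)"
    r"\s+host\s+(?P<src>\S+)(?:\s+eq\s+(?P<sport>\d+))?"
    r"\s+host\s+(?P<dst>\S+)(?:\s+eq\s+(?P<dport>\d+))?$"
)

class Ace(NamedTuple):
    action: str
    proto: str
    src: str
    sport: Optional[int]   # "eq N" right after the source host = SOURCE port
    dst: str
    dport: Optional[int]   # "eq N" right after the destination host = DESTINATION port

class Flow(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def parse_acl(text: str) -> List[Ace]:
    """Parse ASA extended ACEs of the host/host form into Ace tuples."""
    aces = []
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACE syntax: {line!r}")
        aces.append(Ace(m["action"], m["proto"], m["src"],
                        int(m["sport"]) if m["sport"] else None,
                        m["dst"],
                        int(m["dport"]) if m["dport"] else None))
    return aces

def ace_matches(ace: Ace, flow: Flow) -> bool:
    return (ace.proto == flow.proto and ace.src == flow.src and ace.dst == flow.dst
            and (ace.sport is None or ace.sport == flow.sport)
            and (ace.dport is None or ace.dport == flow.dport))

def vpn_filter_permits(aces: List[Ace], flow: Flow, direction: str) -> bool:
    """Evaluate a flow the way a vpn-filter is assumed to be applied:
    'inbound'  = decrypted traffic from the peer, checked as written;
    'outbound' = traffic about to be encrypted, checked with src/dst swapped,
    so the ACL is always read in remote -> local orientation.
    First match wins; implicit deny at the end."""
    if direction == "outbound":
        flow = Flow(flow.proto, flow.dst, flow.dport, flow.src, flow.sport)
    for ace in aces:
        if ace_matches(ace, flow):
            return ace.action == "permit"
    return False

REMOTE, LOCAL = "188.8.131.52", "184.108.40.206"   # first address pair quoted in the post

# The entries from the post: the 1414 entry, the working 1416 entry, and the
# second 1414 variant that was also tried (local host first, 1414 as dest port).
POSTED_ACL = parse_acl(f"""
access-list MY_VPN_Filter extended permit tcp host {REMOTE} eq 1414 host {LOCAL}
access-list MY_VPN_Filter extended permit tcp host {REMOTE} eq 1416 host {LOCAL}
access-list MY_VPN_Filter extended permit tcp host {LOCAL} host {REMOTE} eq 1414
""")

# Constructed candidate: remote -> local orientation, 1414 as the DESTINATION port.
CANDIDATE_ACL = parse_acl(f"""
access-list MY_VPN_Filter extended permit tcp host {REMOTE} host {LOCAL} eq 1414
""")

# Constructed flows; the ephemeral source ports are made up for the example.
LOCAL_TO_REMOTE_1416 = Flow("tcp", LOCAL, 51000, REMOTE, 1416)   # local host initiates
REMOTE_TO_LOCAL_1414 = Flow("tcp", REMOTE, 42000, LOCAL, 1414)   # remote host initiates
REPLY_TO_REMOTE_1414 = Flow("tcp", LOCAL, 1414, REMOTE, 42000)   # local host's reply

def posted_acl_results() -> dict:
    """Results for the ACL as posted: 1416 outbound passes, 1414 inbound does not."""
    return {
        "local->remote:1416 (outbound)": vpn_filter_permits(POSTED_ACL, LOCAL_TO_REMOTE_1416, "outbound"),
        "remote->local:1414 (inbound)": vpn_filter_permits(POSTED_ACL, REMOTE_TO_LOCAL_1414, "inbound"),
    }

def candidate_acl_results() -> dict:
    """Results for the candidate entry: it covers the inbound 1414 flow and its reply."""
    return {
        "remote->local:1414 (inbound)": vpn_filter_permits(CANDIDATE_ACL, REMOTE_TO_LOCAL_1414, "inbound"),
        "local:1414->remote (outbound reply)": vpn_filter_permits(CANDIDATE_ACL, REPLY_TO_REMOTE_1414, "outbound"),
    }

if __name__ == "__main__":
    for name, result in {**posted_acl_results(), **candidate_acl_results()}.items():
        print(f"{name}: {'permit' if result else 'drop'}")
```

Under these assumed semantics the working 1416 entry matches because, for a locally initiated connection, the swapped outbound flow has the remote host and port 1416 as its source, which is what "host REMOTE eq 1416 host LOCAL" describes. The 1414 entries written with "eq 1414" next to the remote host require 1414 as the source port, and an inbound connection from the remote host carries an ephemeral source port, so neither posted variant matches it. The asp-drop capture described later in the thread is the way to confirm on the box which reason the ASA records for the drop.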
Yes, you need to coordinate this with the remote end in order to check what is going on with the connection. I would also suggest using these lines in the VPN filter:
Let me know the results once you have them.
When you changed the ACL, did you bounce the VPN tunnel and test the connection again?
If you make changes to the VPN filter but you don't bounce the tunnel, the ASA will remain with the old entries and it doesn't show the new ones unless you start the tunnel one more time.
If you already did it, run the following commands:
1. Run the command: clear asp drop
2. Place a capture for ASP drops: capture asp type asp-drop all
3. Perform the test and check the capture; verify whether the traffic is being dropped.
4. Run the command: show asp drop, in order to see the reason for the drop.
Thank you very much for your post, appreciated.
Yes, after changing the ACL, I killed phase 2 and phase 1.
As for doing the capture, I could try, but it is difficult to coordinate with the remote system admin (Intel) to initiate traffic from the remote end.
I will keep you posted.
Thanks again for your input.