06-15-2018 05:21 AM - edited 03-12-2019 05:22 AM
Solved! Go to Solution.
06-15-2018 07:42 AM
06-15-2018 05:31 AM
06-15-2018 05:36 AM
I can't provide the config, but here is the packet tracer. The other networks in the crypto maps show the VPN encrypt phase, just not on the 19 network.
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.19.0 255.255.255.0 inside
Phase: 4
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside in interface inside
access-list inside extended permit tcp any any eq www
Additional Information:
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
nat-control
match ip inside 192.168.19.0 255.255.255.0 outside 192.168.115.0 255.255.255.0
NAT exempt
translate_hits = 3793, untranslate_hits = 0
Additional Information:
Phase: 7
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
nat-control
match ip inside any outside any
dynamic translation to pool 1 ( [Interface PAT])
translate_hits = 1576875518, untranslate_hits = 201112143
Additional Information:
Phase: 8
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
nat-control
match ip inside any outside any
dynamic translation to pool 1 ( [Interface PAT])
translate_hits = 1576875518, untranslate_hits = 201112143
Additional Information:
Phase: 9
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 10
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 3450088663, packet dispatched to next module
Phase: 11
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop using egress ifc outside
adjacency Active
next-hop mac address hits 35780
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
06-15-2018 05:40 AM
06-15-2018 06:21 AM
Found out it was a missing access list in the crypto map! looks like its resolved now!
06-15-2018 07:19 AM
06-15-2018 07:42 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide