05-12-2014 08:51 AM - edited 02-21-2020 07:38 PM
i have a site to site VPN tunnel setup and the tunnel is up. I can successfully ping through the tunnel from device to device but when i try to pull up a HTTP page off a web server on one side of the tunnel, it fails.
the ACLs are set to allow any IP traffic..
ASA on one side is v8.3 and the other side its 9.1
Anyone run into this before??
05-12-2014 10:36 AM
Can you send the output of sh crypto ipsec sa on both the side..
Also check if there is any vpn-filter is applied under group-policy on any of the ASA.
05-14-2014 06:01 AM
Thanks for the responses. I found out the issue was with a ScanSafe configuration and i had to add my HTTP site as part of the whitelist..
05-13-2014 07:38 PM
In general, ping work and other traffic no work is due to packet size > path mtu.
you can try to lower host MTU or MSS slamping or disable pmtu totally on host.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide