08-25-2021 11:05 AM - edited 08-26-2021 01:39 AM
Hi,
I'm trying to set up S2S VPN connection between Cisco ASA and Cisco Firepower.
On the ASA side I used Packet-Tracer to troubleshoot the problem. I got an error: "(acl-drop) Flow is denied by configured rule" - You can see more information in the attached picture.
Any idea how I can figure out which rule is blocking my S2S VPN connection?
Thank you and have a nice day,
VK
08-26-2021 01:13 AM
There really aren't many details in the provided screenshot. However, based on the message that it is dropped by an implicit rule, I would assume you haven't permitted this traffic on your input interface.
BR,
Milos
08-26-2021 02:09 AM
Hi Milos,
thank you for the reply. I added one more picture for more information.
I'm running Packet Tracer on the ASA side, so I suppose that you are talking about the input interface on the Firepower side?
Is there any option to find out which rule is blocking the VPN connection?
Thank you and have a nice day
08-26-2021 02:14 AM
You need to permit the required traffic on the ACL attached to the 'my-lan' interface. There is no specific rule that is blocking this traffic, as your initial screenshot shows that the 'Implicit rule' is blocking it, meaning that you just haven't permitted this traffic in your ACL (and by default, if not explicitly permitted, it will be blocked).
BR,
Milos
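As an added illustration of the point Milos makes (this is example code, not from the thread or from Cisco), the script below parses the text output of the ASA `packet-tracer` command, finds the phase that produced the DROP, and tells you whether it was the interface ACL's implicit deny (no matching permit, so an entry has to be added) or an explicit ACE (which it then names). The two trace samples are constructed to match the shape of real packet-tracer output; the interface name 'my-lan', the ACL name `my-lan_in` and all addresses are assumptions.

```python
"""Locate the dropping phase in Cisco ASA `packet-tracer` output and say whether
an implicit deny or an explicit ACE caused it. Added example; traces are constructed."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample 1: flow enters 'my-lan', no ACE permits it -> implicit deny.
TRACE_IMPLICIT = """\
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 203.0.113.1 using egress ifc outside

Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
input-interface: my-lan
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

# Constructed sample 2: same flow, but an explicit deny entry in the ACL matches.
TRACE_EXPLICIT = TRACE_IMPLICIT.replace(
    "Config:\nImplicit Rule\n",
    "Config:\naccess-group my-lan_in in interface my-lan\n"
    "access-list my-lan_in extended deny ip any any\n",
)


@dataclass
class Phase:
    number: int
    type: str
    subtype: str
    result: str
    config: List[str] = field(default_factory=list)


@dataclass
class Diagnosis:
    dropped: bool
    phase: Optional[int]
    phase_type: str
    implicit: bool          # True when the config section is just "Implicit Rule"
    interface: str          # input-interface from the trace summary
    acl_name: str           # parsed from "access-group <name> in interface <ifc>"
    drop_reason: str
    config: List[str]


def _blocks(text: str) -> List[List[str]]:
    """Split the trace into blank-line separated blocks (one per phase, plus summary)."""
    blocks, cur = [], []
    for line in text.splitlines():
        if line.strip():
            cur.append(line.rstrip())
        elif cur:
            blocks.append(cur)
            cur = []
    if cur:
        blocks.append(cur)
    return blocks


def parse_trace(text: str):
    """Return (phases, summary) where summary holds the final Result: key/value lines."""
    phases: List[Phase] = []
    summary: Dict[str, str] = {}
    for block in _blocks(text):
        if block[0].startswith("Phase:"):
            fields: Dict[str, str] = {}
            config: List[str] = []
            in_config = False
            for line in block:
                key, sep, value = line.partition(":")
                if sep and key in ("Phase", "Type", "Subtype", "Result"):
                    fields[key] = value.strip()
                    in_config = False
                elif sep and key in ("Config", "Additional Information") and not value.strip():
                    in_config = key == "Config"   # collect only the Config section
                elif in_config:
                    config.append(line.strip())
            phases.append(Phase(int(fields["Phase"]), fields.get("Type", ""),
                                fields.get("Subtype", ""), fields.get("Result", ""), config))
        elif block[0].startswith("Result:"):
            for line in block[1:]:
                key, sep, value = line.partition(":")
                if sep:
                    summary[key.strip()] = value.strip()
    return phases, summary


def diagnose(text: str) -> Diagnosis:
    phases, summary = parse_trace(text)
    drop = next((p for p in phases if p.result == "DROP"), None)
    if drop is None:
        return Diagnosis(False, None, "", False, summary.get("input-interface", ""), "", "", [])
    implicit = any(c.lower() == "implicit rule" for c in drop.config)
    acl = ""
    for c in drop.config:
        m = re.match(r"access-group (\S+) in interface (\S+)", c)
        if m:
            acl = m.group(1)
    return Diagnosis(True, drop.number, drop.type, implicit, summary.get("input-interface", ""),
                     acl, summary.get("Drop-reason", ""), drop.config)


def explain(d: Diagnosis) -> str:
    """One-line reading of the diagnosis for the person running packet-tracer."""
    if not d.dropped:
        return "Packet allowed: no phase returned DROP."
    if d.implicit:
        return (f"Dropped in phase {d.phase} ({d.phase_type}) by the implicit deny at the end of "
                f"the ACL applied inbound on '{d.interface}': no entry permits this flow, "
                f"so a permit for it must be added to that ACL.")
    ace = next((c for c in d.config if c.startswith("access-list")), "")
    return (f"Dropped in phase {d.phase} ({d.phase_type}) by an explicit entry in ACL "
            f"'{d.acl_name}' on '{d.interface}': {ace}")


if __name__ == "__main__":
    for t in (TRACE_IMPLICIT, TRACE_EXPLICIT):
        print(explain(diagnose(t)))
```

Paste the real `packet-tracer input my-lan ...` output in place of the constructed samples; if the dropping phase shows `Implicit Rule`, the fix is an entry permitting the flow in the ACL that `access-group` binds inbound to that interface, which is exactly the situation in the screenshot.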