S2S VPN connection denied by configured rule

Hi,

I'm trying to set up an S2S VPN connection between a Cisco ASA and a Cisco Firepower.

On the ASA side I used Packet-Tracer to troubleshoot the problem. I got an error: "(acl-drop) Flow is denied by configured rule" - You can see more information in the attached picture.

Any idea how I can figure out which rule is blocking my S2S VPN connection?

Thank you and have a nice day,
VK


Milos_Jovanovic
VIP Alumni

Hi @00u1k25ns4kijaVlv5d7,

There really aren't many details in the provided screenshot. However, based on the message that it is dropped by an implicit rule, I would assume you haven't permitted this traffic on your input interface.

BR,

Milos

Hi Milos,
thank you for the reply. I added one more picture for more information.

I am running Packet Tracer on the ASA side, so I suppose that you are talking about the input interface on the Firepower side?

Is there any option to find out which rule is blocking the VPN connection?

Thank you and have a nice day

You need to permit the required traffic on the ACL attached to the 'my-lan' interface. There is no specific rule that is blocking this traffic, as your initial screenshot shows that the 'Implicit rule' is blocking it, meaning that you just haven't permitted this traffic in your ACL (and by default, if not explicitly permitted, it will be blocked).

BR,

Milos
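As an added illustration of the check and the fix Milos describes (this is not part of his reply or of the original poster's configuration), the ASA CLI sequence below shows how to find the ACL bound to 'my-lan', confirm that the flow falls through to the implicit deny, add an explicit permit, and re-verify with the same packet-tracer. Only the interface name `my-lan` comes from the thread; the ACL name `MY-LAN-IN`, the subnets 10.10.10.0/24 and 192.168.50.0/24 and the host addresses are constructed placeholders and must be replaced with the real local and remote VPN subnets.

```cisco
! --- Check 1: which ACL is applied inbound on the interface where the drop occurs ---
show run access-group
! Expected form of the output (ACL name is an assumed example):
!   access-group MY-LAN-IN in interface my-lan

! --- Check 2: does that ACL contain a permit matching the VPN-protected traffic? ---
! Each entry ends with (hitcnt=N); if no entry matching local->remote subnet is
! incrementing, the packet reaches the implicit "deny ip any any" at the end of the ACL.
show access-list MY-LAN-IN

! --- Reproduce the drop the way packet-tracer reported it ---
! Constructed addresses: 10.10.10.10 = host behind my-lan (local side),
!                        192.168.50.20 = host behind the Firepower (remote side).
packet-tracer input my-lan tcp 10.10.10.10 12345 192.168.50.20 443 detailed
! Before the fix the ACCESS-LIST phase ends with:
!   Result: DROP
!   Drop-reason: (acl-drop) Flow is denied by configured rule

! --- Fix: explicitly permit local subnet -> remote subnet on that inbound ACL ---
! Keep the entry as narrow as the VPN policy itself (only the protected subnets).
! ACL entries are evaluated first match, top to bottom, and a new entry is appended
! at the end, so if an earlier explicit deny already matches, place the permit
! above it with "access-list MY-LAN-IN line <n> extended permit ..." instead.
access-list MY-LAN-IN extended permit ip 10.10.10.0 255.255.255.0 192.168.50.0 255.255.255.0

! --- Verify: rerun the identical packet-tracer; the ACCESS-LIST phase should now ALLOW ---
packet-tracer input my-lan tcp 10.10.10.10 12345 192.168.50.20 443 detailed
```

Running the same packet-tracer before and after the change is the quickest way to see exactly which entry (or the implicit deny) a given flow hits; `show access-list` hit counts then confirm the new entry is matching real traffic rather than a simulated packet.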
