02-02-2019 03:36 PM - edited 03-12-2019 05:33 AM
I have inherited an environment which relies on several Cisco ASAs to allow multiple sites to connect to our HQ. I am trying to connect a 5506 to a 5516.
Today, our ISP moved one branch over to a new IP range. I have updated the ASA with the new IP range but am now unable to complete the site to site link.
The IKEv2 link is established, but both sites only show an increase in TX, while RX remains constantly at 0.
Packet Tracer seems to show packets able to leave ok, but incoming packets get dropped "(acl-drop) Flow is denied by a configured rule". I think I have a problem with NAT or Crypto map but I don't know where to begin.
The rules are quite messy and difficult to understand and i am more familiar with ASDM than the cli.
Any help would be greatly appreciated.
02-03-2019 04:04 AM
02-03-2019 05:25 AM
Hi,
Share both ends ASA configurations.
Regards,
Deepak Kumar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide