Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1477
Views
0
Helpful
2
Replies

Site to site TX but no RX

Matt87
Level 1
Level 1

‎02-02-2019 03:36 PM - edited ‎03-12-2019 05:33 AM

I have inherited an environment which relies on several Cisco ASAs to allow multiple sites to connect to our HQ. I am trying to connect a 5506 to a 5516.

 

Today, our ISP moved one branch over to a new IP range. I have updated the ASA with the new IP range but am now unable to complete the site to site link.

The IKEv2 link is established, but both sites only show an increase in TX, while RX remains constantly at 0.

 

Packet Tracer seems to show packets able to leave ok, but incoming packets get dropped "(acl-drop) Flow is denied by a configured rule". I think I have a problem with NAT or Crypto map but I don't know where to begin.

 

The rules are quite messy and difficult to understand and i am more familiar with ASDM than the cli.

 

Any help would be greatly appreciated.

Labels:
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎02-03-2019 04:04 AM

Hi,
It probably is a NAT or crypto map issue on either ASA. Is the ASA the default gateway on both sites? If not they may static routes to the local switch/router.
Please provide the configuration of both ASAs firewalls, and indicte the local networks.

HTH
0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni

‎02-03-2019 05:25 AM

Hi,

Share both ends ASA configurations. 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful
Customers Also Viewed These Support Documents