02-16-2016 07:34 AM
Weird problem here. I have a Site-to-Site VPN that isn't working. Both ASAs have other Site-To-Site VPNs working on them. I know the configuration is correct because it was working fine for months and it hasn't changed.
I have both a successful Phase 1 and Phase 2 but both sides don't show any return traffic. When I do an ASP drop capture at the HQ, I see it dropping ESP packets from an unknown IP. These packets have to be coming from the remote side though because when I reboot the reboot ASA, the packets stop dropping. As soon as the ASA comes back up, I start seeing the packets drop again.
When I do a capture at the remote side, I see it dropping ESP packets from an unknown IP as well. This side also has a successful Phase 1 and Phase 2 but doesn't see any return traffic either.
Any ideas on what might be causing this?
02-16-2016 04:35 PM
Can you post a "show crypto ipsec sa peer xxx" from each end please.
Is there anything sitting between the firewalls that is also doing NAT? Perhaps a router?
02-18-2016 09:15 AM
Not sure what the deal was. I completely removed the config and pasted it back in and it started to work.
Damn you Cisco.
I had already rebooted both devices too.