Site to Site VPN traffic deny from remote to local

jauhar1980
Level 1

Hi,

 

We have set up a Site to Site VPN and it was working fine, but recently it stopped working. I observe the following scenario.

1. When traffic is initiated from local to remote, the VPN comes up and we are able to access the remote server.

2. But when traffic is initiated from remote to local, the VPN comes up but they are not able to access the local server, whereas on the ASA I am able to see the Decrypt counters increasing but no Encrypt counters. I observe the same on ASDM: Tx 0 and Rx increasing.

Kindly let me know how to troubleshoot it, as the configuration seems okay. Is there any way to check what is dropping the traffic? Just want to inform you that we have another VPN which is working fine; the config differences are as follows:

1. This VPN is using a public subnet as the trusted remote network, whereas the working VPN is using a private subnet.

2. This VPN is using Group 2 PFS but the working VPN is not using PFS (this shouldn't be the cause of the issue).

Just let me know how to troubleshoot it to find which part of the ASA is causing the issue.
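The symptom described in the question (decrypt counter rising, encrypt counter at zero) can be picked out per tunnel from saved `show crypto ipsec sa` output. The following is an added example, not part of the original post; the sample output, its addresses and the function name `one_way_sas` are constructed for illustration.

```python
import re

# Constructed sample in the layout of ASA `show crypto ipsec sa` output.
# Addresses are documentation ranges, not values from the thread.
SAMPLE = """\
interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 203.0.113.1

      local ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (198.51.100.0/255.255.255.0/0/0)
      current_peer: 192.0.2.10

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 45, #pkts decrypt: 45, #pkts verify: 45

    Crypto map tag: outside_map, seq num: 20, local addr: 203.0.113.1

      local ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
      current_peer: 192.0.2.20

      #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
      #pkts decaps: 118, #pkts decrypt: 118, #pkts verify: 118
"""

# Field name, optional "(addr/mask/prot/port)" label, colon, then the value.
FIELD = re.compile(
    r"(local ident|remote ident|current_peer|#pkts encrypt|#pkts decrypt)"
    r"[^:]*:\s*\(?([^\s,)]+)"
)

def one_way_sas(text):
    """Return SAs that decrypt inbound packets but have encrypted none."""
    flagged = []
    # Each SA section begins at a "Crypto map tag:" line.
    for block in text.split("Crypto map tag:")[1:]:
        f = dict(FIELD.findall(block))
        enc = int(f.get("#pkts encrypt", 0))
        dec = int(f.get("#pkts decrypt", 0))
        if dec > 0 and enc == 0:
            flagged.append({"peer": f.get("current_peer"),
                            "local": f.get("local ident"),
                            "remote": f.get("remote ident"),
                            "decrypt": dec})
    return flagged

if __name__ == "__main__":
    for sa in one_way_sas(SAMPLE):
        print(sa)
```

A flagged entry shows that the ASA is receiving and decrypting traffic for that subnet pair but has sent nothing back through it, which narrows the check to the return path for exactly those local and remote idents.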

 


balaji.bandi
Hall of Fame

I see a couple of points to check.

Are you sure there is an ACL in place for access from remote to local, and do you see them in the real-time logs when they are accessing?

What is the remote end trying to access locally: RDP, HTTP, what services? Check whether the server has any FW in place, to eliminate the issues.

Also, it would be good to have the configuration from both sides, to be told which IP to IP is having the issue, and to have some logs to understand the issue and make a suggestion.

BB
