Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
249
Views
0
Helpful
3
Replies

Traffic not flowing through Site-to-Site tunnel when trying to add a new subnet

preetpeethambaran
Level 1
Level 1

‎04-12-2016 10:46 PM

I am trying to add a new subnet to Site-to-Site VPN tunnel which is already connected between ASA firewall and Fortinet firewall on remote side.

When i add this new subnet, tunnel is up but after adding the new subnet, my existing traffic including this new subnet is not going through tunnel.

When i do a packet tracer from ASA, the traffic is getting dropped at VPN.

Please find the steps i have done for adding this new subnet.

1) Added the new subnet in Crypto Access list.

2) Added the new subnet in NAT excemption

On remote side also this new subnet is added to the tunnel without hitting nat and route to this new subnet is also pointing to tunnel.

Kindly let me know where i have to look into further for troubleshooting.

Labels:
0 Helpful
3 Replies 3

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎04-12-2016 10:53 PM

Hi,

What is the status of sh cry ipsec sa for this tunnel ?

Regards,

Aditya

0 Helpful

preetpeethambaran
Level 1
Level 1
In response to Aditya Ganjoo

‎04-13-2016 12:26 AM

Hi,

Sh crypto ipsec status is up, but packet is not getting encry/decry, even the existing subnet which was working fine before adding the new subnet.

0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to preetpeethambaran

‎04-13-2016 12:49 AM

Hi,

Could you clear the ipsec tunnel and then check ?

Regards,

Aditya

0 Helpful
Customers Also Viewed These Support Documents