Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
457
Views
0
Helpful
1
Replies

Tunnel up but not passing traffic

BHPCI_2
Level 1
Level 1

‎01-16-2012 01:19 PM

I have a site to site tunnel between two 5520 ASAs.  Tunnel is up but when I try to talk to the other side, the implicit deny on the inside interface of the local ASA blocks the traffic.  When I ping, the tunnel comes up but in the logs it says it is blocking icmp from inside to outside.  I have tried the sysopt connection permit-vpn but it is not working.  The traffic is from 5 specific machines within the local subnet that I put in a network object group called Celerra_Replication. I want to them to be able to talk to 5 machines on the far end of the tunnel in a seperate subnet.  They are in a netwrok object group called GP_Celerra_Replication The ACLs I created for this appear to be created correctly allowing IP from Celerra_replication to GP_Celerra_Replication and the opposite on the other side.  Any ideas?

Labels:
0 Helpful
1 Reply 1

cflory
Level 1
Level 1

‎01-16-2012 10:05 PM

What does your ACL statement look like for defining access from your Celerra_Replication network, to your GP_Celerra_Replication network?

Also, do you reference that ACL in your crypto map?

A sanitized config may help me help you

-Chris

0 Helpful
Customers Also Viewed These Support Documents