VPN Connectivity

BHconsultants88 · ‎02-20-2019

Hi guys

I'm hoping someone can help me out with an issue I'm experiencing while trying to get two sites to talk to each other.

Site A - 10.20.4.0 /24

Site B - 192.168.142.0 /24

Site A can talk to Site B via a Cisco ASA (VPN concentrator). Site A can ping Site B's public and LAN IP with no problem.

However, Site B cannot ping Site A even though the tunnel is up. The interesting thing is when Site B restarts the VPN service, pings start but then a minute or so later stops working.

Has anyone seen this behaviour before as it's really puzzling me. I've attached configs for each site.

Thanks in advance.

Dennis Mink · ‎02-20-2019

sounds like site A is keeping the tunnel up,

can you test traffic, using the packet tracer tool on the ASA (are both ends ASA?), to see why traffic gets blocked

Please remember to rate useful posts, by clicking on the stars below.

BHconsultants88 · ‎02-20-2019

Thanks for the response Dennis. I've attached a packet trace test that I ran from the Cisco ASA (from Site B to Site A). I can't see why the drop would occur.

To confuse matters further, site A is using a Digi Trans WR44V2 router (specialist router for industrial environments). Site B is using a VPN device hosted in the AWS cloud.

BHconsultants88 · ‎02-20-2019

Attached are packet traces from Site A to Site B and vice versa on the INSIDE interface