Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
696
Views
0
Helpful
4
Replies

VPN site to site flow denied by configured rule

Go to solution
MehdiTN
Level 1
Level 1

‎11-08-2018 03:46 AM

Hi Guys, 

flow is not working any more from two sites by vpn site to site, and i'm getting this message in packet tracer.

Can any body telle me where is then problem please  ?

 

Type VPN - subtype encrypt - action drop

ACL-drop  flow is denied from configured rule

 

thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to MehdiTN

‎11-08-2018 04:54 AM

Ok, if you've modified the VPN please upload your configuration on here

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎11-08-2018 04:02 AM

Hi,
You are going to have to provide more information in order for us to help.

What is the full output of the packet-trace?
Has the VPN previously worked?
Has anything changed?
What is the output of "show crypto ipsec sa"?
Can you provide the configuration of both firewalls?
0 Helpful

Go to solution
MehdiTN
Level 1
Level 1
In response to Rob Ingram

‎11-08-2018 04:34 AM

Dear RJI,

the vpn worked well before.we tried to add a new vpn and since no more vpn flow.

response of   show crypto ipsec sa : 

   there are no ipsec SAS 

 

i cheked the VPN rule and it's enabled.

i have a backup of the asa 5525, but i'm afraid it might causes more problems.

thanks sir.

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to MehdiTN

‎11-08-2018 04:54 AM

Ok, if you've modified the VPN please upload your configuration on here

0 Helpful

Go to solution
mkazam001
Level 3
Level 3

‎11-08-2018 04:07 AM

multiple factors could be causing - in the first instance, vpn tunnel will not come up the first time with packet tracer, usually the 2nd time

regards, mk

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents