Thursday, January 9, 2020

AWS to ASA tunnel UP but not passing traffic

I have been beating my head against a wall for a little over a week now trying to set up an IPsec VPN tunnel between my Cisco ASA 5525 and an AWS VPC. The relevant show commands and logs show that phase one and two of the tunnel are up, and "show crypto ipsec sa" shows my firewall encrypting packets, but I am not receiving anything.

I do not have access to the AWS end, but the tunnel portal shows up on the primary tunnel and down on the secondary (as expected, the other tunnel is secondary and only comes up when the primary goes down). AWS support claimed it saw traffic leaving the VPC tunnel gateway, but not receiving anything back from me.

Any help would be greatly appreciated.
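The symptom described in the post (the ASA's security association shows packets being encrypted while nothing is ever decrypted) is exactly what the per-SA counters in "show crypto ipsec sa" make visible, and the usual first check is whether those counters move at all while test traffic is sent. The following Python script is an added example, not code from the original post and not Cisco or AWS code: it parses a constructed snippet shaped like ASA "show crypto ipsec sa" output (the addresses, crypto map name and packet counts are invented), classifies each SA as idle, one-way or bidirectional, and compares two snapshots so that a counter that does not change between them stands out. The regular expressions assume the counter line layout shown in the sample; adjust them if your ASA version prints the counters differently.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample shaped like "show crypto ipsec sa" on a Cisco ASA.
# Addresses, map name and counts are invented; only the layout matters.
SNAPSHOT_BEFORE = """\
interface: outside
    Crypto map tag: outside_map, seq num: 1, local addr: 203.0.113.10

      local ident (addr/mask/prot/port): (10.0.0.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (172.31.0.0/255.255.0.0/0/0)
      current_peer: 198.51.100.5

      #pkts encaps: 1532, #pkts encrypt: 1532, #pkts digest: 1532
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
      #send errors: 0, #recv errors: 0

    Crypto map tag: outside_map, seq num: 2, local addr: 203.0.113.10

      local ident (addr/mask/prot/port): (10.0.0.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (172.31.0.0/255.255.0.0/0/0)
      current_peer: 198.51.100.6

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
      #send errors: 0, #recv errors: 0
"""

# Same device a minute later, after sending test pings (constructed).
SNAPSHOT_AFTER = SNAPSHOT_BEFORE.replace("#pkts encaps: 1532", "#pkts encaps: 1552")

MAP_RE = re.compile(r"Crypto map tag: (\S+), seq num: (\d+)")
PEER_RE = re.compile(r"current_peer: (\S+)")
IDENT_RE = re.compile(r"(local|remote) ident \(addr/mask/prot/port\): \(([^)]*)\)")
COUNTER_RE = re.compile(r"#(pkts encaps|pkts decaps|send errors|recv errors): (\d+)")
COUNTERS = ("pkts encaps", "pkts decaps", "send errors", "recv errors")


def parse_show_crypto_ipsec_sa(text: str) -> List[Dict]:
    """Return one record per SA (one per 'Crypto map tag' block) holding the
    peer, the local/remote traffic selectors and the four counters that
    matter for a one-way-traffic diagnosis."""
    sas: List[Dict] = []
    current = None
    for line in text.splitlines():
        m = MAP_RE.search(line)
        if m:
            current = {"map": m.group(1), "seq": int(m.group(2)), "peer": None,
                       "local": None, "remote": None, **{c: 0 for c in COUNTERS}}
            sas.append(current)
            continue
        if current is None:
            continue
        m = PEER_RE.search(line)
        if m:
            current["peer"] = m.group(1)
        for side, selector in IDENT_RE.findall(line):
            current[side] = selector
        for name, value in COUNTER_RE.findall(line):
            current[name] = int(value)
    return sas


def classify_sa(sa: Dict) -> str:
    """Describe the traffic pattern an SA's counters show."""
    enc, dec = sa["pkts encaps"], sa["pkts decaps"]
    if enc == 0 and dec == 0:
        return "idle"  # nothing has matched the crypto ACL in either direction
    if enc > 0 and dec == 0:
        return "one-way: encrypting, nothing decrypted"  # the pattern in the post
    if enc == 0 and dec > 0:
        return "one-way: decrypting, nothing encrypted"
    return "bidirectional"


def counter_deltas(before: str, after: str) -> Dict[Tuple[str, int], Dict[str, int]]:
    """Compare two snapshots of the same output, keyed by (map tag, seq num),
    so you can see which counters moved while test traffic was sent."""
    old = {(s["map"], s["seq"]): s for s in parse_show_crypto_ipsec_sa(before)}
    new = {(s["map"], s["seq"]): s for s in parse_show_crypto_ipsec_sa(after)}
    return {key: {c: new[key][c] - old[key][c] for c in COUNTERS}
            for key in old if key in new}


if __name__ == "__main__":
    for sa in parse_show_crypto_ipsec_sa(SNAPSHOT_AFTER):
        print(f"{sa['map']}#{sa['seq']} peer={sa['peer']} "
              f"{sa['local']} -> {sa['remote']}: {classify_sa(sa)}")
    for key, delta in counter_deltas(SNAPSHOT_BEFORE, SNAPSHOT_AFTER).items():
        print(key, delta)
```

Run it against two captures of the real command taken a minute apart while pinging across the tunnel: an SA whose "pkts encaps" delta grows while "pkts decaps" stays at zero confirms the problem is on the return path or on the far side's view of your traffic, which is the point at which the AWS-side report in the post (traffic sent, nothing received back) becomes the thing to reconcile.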
