This issue is driving me up the walls. I'm here to use the reddit hive mind to see if I can find a solution.
I have two ASAs. One in the US and one in Europe.
Tunnel is up. Both phase one and Phase 2.
1 IKE Peer: x.x.x.125 Type : L2L Role : responder Rekey : no State : MM_ACTIVE
I also see SAs built. show crypto ipsec sa peer x.x.x.125 shows details for the SAs built.
The problem is that I can't ping across. Not just ping, any traffic. When I do a packet capture on the outside interface of both FWs, I see ESP (proto-50) packets leaving US, hit EU and leave EU, but never get back to the US.
I can show you output of capture if you need it. What's strange is that this starts working randomly for like a day or so and then goes back down for a day or so.
Additional information is that the US ASA has several other tunnels that are working with no issues.
Has anyone had anything like this?
edit: one more thing. One packet out of like 100 gets through.
smokeping (from US) to a host on the other side of the tunnel. https://i.imgur.com/xV8II57.png
smokeping to the outside interface of the ASA is pure green.