Friday, December 3, 2021

Issues with ASA passing VPN traffic to next hop

I have an ASA with a VPN tunnel on it. That tunnel has a network object-group in its encryption domain with 14 addresses in it.

Of these 14 destinations, 12 pass traffic onto the directly connected next hop firewall, and 2 do not reach the next hop. I verified routing for each address and they are all the same, and no ACL is blocking the traffic.

I tried deleting and re-adding the two addresses to the object-group.

Any ideas?

I am able to bring up the tunnel using packet-tracer to initiate traffic to those IPs, so the IPs aren't missing from the other side.
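A check worth running before re-adding object-group entries again is whether the ASA is actually decrypting anything for the two problem hosts. On an ASA, each host in an object-group normally negotiates its own proxy identity, so `show crypto ipsec sa` exposes per-host `#pkts encaps` / `#pkts decaps` counters: an SA that encapsulates but never decapsulates means nothing is coming back from the peer for that identity, while an SA with a climbing decaps count whose host still never reaches the next hop is being dropped after decryption. The following Python script is an added example, not code from the original post; it parses the standard `show crypto ipsec sa` layout (ident lines followed by the counter lines) and classifies a list of hosts. The sample output and all addresses in it are constructed for illustration.

```python
"""Classify encryption-domain hosts from ASA `show crypto ipsec sa` output.

Added example, not from the original post. It assumes the standard ASA
`show crypto ipsec sa` layout (local/remote ident lines followed by
#pkts encaps/decaps counters) and uses constructed sample output.
"""
import re
from ipaddress import ip_address, ip_network
from typing import Dict, List

# Constructed sample output. Addresses are assumptions for illustration:
# host .11 is healthy, host .12 has an SA that encapsulates but never
# decapsulates, and host .13 (queried below) has no SA at all.
SAMPLE_SHOW_CRYPTO_IPSEC_SA = """\
interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 203.0.113.10

      access-list outside_cryptomap extended permit ip host 192.0.2.11 host 198.51.100.21
      local ident (addr/mask/prot/port): (192.0.2.11/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (198.51.100.21/255.255.255.255/0/0)
      current_peer: 198.51.100.1

      #pkts encaps: 5120, #pkts encrypt: 5120, #pkts digest: 5120
      #pkts decaps: 4987, #pkts decrypt: 4987, #pkts verify: 4987

      access-list outside_cryptomap extended permit ip host 192.0.2.12 host 198.51.100.22
      local ident (addr/mask/prot/port): (192.0.2.12/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (198.51.100.22/255.255.255.255/0/0)
      current_peer: 198.51.100.1

      #pkts encaps: 77, #pkts encrypt: 77, #pkts digest: 77
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

IDENT_RE = re.compile(
    r"(local|remote) ident \(addr/mask/prot/port\): "
    r"\((\d+\.\d+\.\d+\.\d+)/(\d+\.\d+\.\d+\.\d+)/\d+/\d+\)"
)
PEER_RE = re.compile(r"current_peer: (\S+)")
ENCAPS_RE = re.compile(r"#pkts encaps: (\d+)")
DECAPS_RE = re.compile(r"#pkts decaps: (\d+)")


def parse_ipsec_sa(text: str) -> List[Dict]:
    """Return one record per SA: local/remote proxy identities, peer, counters."""
    sas: List[Dict] = []
    for line in text.splitlines():
        m = IDENT_RE.search(line)
        if m:
            side, addr, mask = m.groups()
            net = ip_network(f"{addr}/{mask}", strict=False)
            if side == "local":
                # A "local ident" line starts a new SA block.
                sas.append({"local": net, "remote": None,
                            "peer": None, "encaps": 0, "decaps": 0})
            elif sas:
                sas[-1]["remote"] = net
            continue
        if not sas:
            continue
        for key, rx in (("peer", PEER_RE), ("encaps", ENCAPS_RE), ("decaps", DECAPS_RE)):
            m = rx.search(line)
            if m:
                val = m.group(1)
                sas[-1][key] = val if key == "peer" else int(val)
                break
    return sas


def classify_hosts(hosts: List[str], sas: List[Dict]) -> Dict[str, str]:
    """Map each host to 'ok', 'encaps-only', 'idle' or 'no-sa'.

    'encaps-only': this ASA sends into the tunnel for that identity but has
    decapsulated nothing from the peer, so return traffic never arrives here.
    'ok': packets are being decrypted, so a host that still never reaches the
    next hop is being dropped after decryption (routing, NAT, or policy).
    """
    verdict: Dict[str, str] = {}
    for host in hosts:
        addr = ip_address(host)
        matches = [sa for sa in sas
                   if addr in sa["local"] or (sa["remote"] and addr in sa["remote"])]
        if not matches:
            verdict[host] = "no-sa"
        elif any(sa["decaps"] > 0 for sa in matches):
            verdict[host] = "ok"
        elif any(sa["encaps"] > 0 for sa in matches):
            verdict[host] = "encaps-only"
        else:
            verdict[host] = "idle"
    return verdict


if __name__ == "__main__":
    sas = parse_ipsec_sa(SAMPLE_SHOW_CRYPTO_IPSEC_SA)
    for host, v in classify_hosts(["192.0.2.11", "192.0.2.12", "192.0.2.13"], sas).items():
        print(f"{host}: {v}")
```

Paste the real `show crypto ipsec sa` output in place of the constructed sample and list the 14 object-group addresses; a `no-sa` result for the two hosts means the proxy identity is never negotiated despite packet-tracer bringing the tunnel up, while `ok` points the investigation at what happens to the packet after decryption rather than at the tunnel.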


