I have an ASA with a VPN tunnel on it. That tunnel has a network object-group in its encryption domain with 14 addresses in it.
Of these 14 destinations, 12 pass traffic onto the directly connected next hop firewall, and 2 do not reach the next hop. I verified routing for each address and they are all the same, and no ACL is blocking the traffic.
I tried deleting and re-adding the two addresses to the object-group.
Any ideas?
I am able to bring up the tunnel using packet tracer to initiate traffic on those IPs, so the IPs aren’t missing from the other side.