ASAs and I don't get along very well. I never had any experience with them before I took my present role, and I was unaware (as were they) as to how integral this knowledge was and is to the position. Surprise, surprise!
Anywho--I am trying to set up a site-to-site tunnel, and when I use the packet tracer to try and contact the remote network, I am hit with this particular message:
Action "X" show rule in access rules table, config implicit rule
Result, packet is dropped (acl-drop) flow is denied by configured rule.
Under Site-to-Site VPN under ACL Manager, this particular cryptomap is set as permitted along with the others that are functioning. Neither of them is specifically stated in the firewall section.
IP <Peer IP>
Local Network <Local Network Object>
Remote Network <Remote Network Object>
NAT-T Enabled, PFS Enabled Group #
NAT Rules:
source inside dest ISP source <Local> dest <remote> service any
See, I'm not even sure if I'm running packet tracer from the correct interface.
When I run it from the inside, I get an (rpf-violated) reverse-path verify failed
When I run it from the ISP (outside interface), I get the acl-drop.