Otdfbt

Definition of 'vrit'

Bash function: Execute $@ command with each argument in sequence executed separately

How to sort human readable size

What kind of chart is this?

How did the European Union reach the figure of 3% as a maximum allowed deficit?

In a Fish that is not a Fish

Explicit song lyrics checker

You may find me... puzzling

How to ask if I can mow my neighbor's lawn

How to make all magic-casting innate, but still rare?

Can a character with the Polearm Master feat make an opportunity attack against an invisible creature that enters their reach?

Print the new site header

I just entered the USA without passport control at Atlanta airport

How can caller ID be faked?

Using roof rails to set up hammock

Why swap space doesn't get filesystem check at boot time?

cannot access to my session

Justifying Affordable Bespoke Spaceships

How do I become a better writer when I hate reading?

Having some issue with notation in a Hilbert space

How to write a nice frame challenge?

I wish, I yearn, for an answer to this riddle

Scaling an object to change its key

Credit card validation in C

Site-To-Site VPN does not work for one specific subnet

I have a site to site VPN tunnel set up between offices, when I connect from home to either I cannot see the other sideSonicwall VPN only working for one remote subnetSite-to-Site IPSec VPN: bridged onlySplit tunnelling for Site to Site VPN on Cisco ASACisco ASA 5520 configuration on two SITE, A and BCisco ASA 5500 - SIP ports other than 5060Routing Help Needed - Site to Site VPNPlan for software site-to-site VPN in AWS VPCCisco ASA 5505 IPSEC VPN Connecting but not routing trafficCisco ASA 5505 can't talk to anything on Site-to-Site VPN

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

1

We are using Cisco 5500 series ASA for sites HQ and BX and there is a site-to-site vpn in between,

BX (subnet 192.168.6.0) can access to subnet 192.168.200.0 subnet at HQ but can't access 192.168.0.0 subnet at HQ.

Packet trace shows us that the data is being transmitted to both sites but it drops. I can't locate the source of the problem. I sense it is regarding routing but can't point the problem.

I know that it is better for me to post the logs but I don't know how. I need a hand on this, noobe here.

Thanks and happy new year.
K.

cisco-asa site-to-site-vpn

share|improve this question

asked Jan 2 '13 at 22:43

user151692user151692

62

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  When you say 192.168.0.0 subnet, do you mean 192.168.0.0/24 subnet? And what do you mean by "to both sites"?
  
  – David Schwartz
  Jan 2 '13 at 22:46
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Is the endpoint of the VPN at HQ on the 192.168.200.0 subnet? If so, has the 192.168.0.0 subnet been configured with a route back to the 192.168.6.0 subnet? Is there a conflict with another subnet, possibly at the end of another site-to-site VPN? Consider the networks of any business partners.
  
  – Jonathan J
  Jan 2 '13 at 23:00
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks for the comment. HQ has a couple of subnets: 200.x, 0.x, and 1.x. Where can I identify if it is routed back to BX site (6.x) subnet?
  
  – user151692
  Jan 3 '13 at 17:03
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  David, Yes that's what I meant. To both sites means that from Point A to B and Point B to A I am getting all the green checks with package track.
  
  – user151692
  Jan 3 '13 at 18:14
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  We called Cisco, and they confirmed that this was a bug of the ASA we use. The data was not being encrypted so ASA was not sending it back. Guess what? Tech told us to restart the firewall, and problem went away. It sounds stupid, but sometimes you have to remember: Router is a fing router and it requires fing restart. Excuse my language but I really got frustrated.
  
  – user151692
  Jan 10 '13 at 21:08
  

  
  
  
  

add a comment | 

1

We are using Cisco 5500 series ASA for sites HQ and BX and there is a site-to-site vpn in between,

BX (subnet 192.168.6.0) can access to subnet 192.168.200.0 subnet at HQ but can't access 192.168.0.0 subnet at HQ.

Packet trace shows us that the data is being transmitted to both sites but it drops. I can't locate the source of the problem. I sense it is regarding routing but can't point the problem.

I know that it is better for me to post the logs but I don't know how. I need a hand on this, noobe here.

Thanks and happy new year.
K.

cisco-asa site-to-site-vpn

share|improve this question

asked Jan 2 '13 at 22:43

user151692user151692

62

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  When you say 192.168.0.0 subnet, do you mean 192.168.0.0/24 subnet? And what do you mean by "to both sites"?
  
  – David Schwartz
  Jan 2 '13 at 22:46
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Is the endpoint of the VPN at HQ on the 192.168.200.0 subnet? If so, has the 192.168.0.0 subnet been configured with a route back to the 192.168.6.0 subnet? Is there a conflict with another subnet, possibly at the end of another site-to-site VPN? Consider the networks of any business partners.
  
  – Jonathan J
  Jan 2 '13 at 23:00
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks for the comment. HQ has a couple of subnets: 200.x, 0.x, and 1.x. Where can I identify if it is routed back to BX site (6.x) subnet?
  
  – user151692
  Jan 3 '13 at 17:03
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  David, Yes that's what I meant. To both sites means that from Point A to B and Point B to A I am getting all the green checks with package track.
  
  – user151692
  Jan 3 '13 at 18:14
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  We called Cisco, and they confirmed that this was a bug of the ASA we use. The data was not being encrypted so ASA was not sending it back. Guess what? Tech told us to restart the firewall, and problem went away. It sounds stupid, but sometimes you have to remember: Router is a fing router and it requires fing restart. Excuse my language but I really got frustrated.
  
  – user151692
  Jan 10 '13 at 21:08
  

  
  
  
  

add a comment | 

We are using Cisco 5500 series ASA for sites HQ and BX and there is a site-to-site vpn in between,

BX (subnet 192.168.6.0) can access to subnet 192.168.200.0 subnet at HQ but can't access 192.168.0.0 subnet at HQ.

Packet trace shows us that the data is being transmitted to both sites but it drops. I can't locate the source of the problem. I sense it is regarding routing but can't point the problem.

I know that it is better for me to post the logs but I don't know how. I need a hand on this, noobe here.

Thanks and happy new year.
K.

cisco-asa site-to-site-vpn

share|improve this question

asked Jan 2 '13 at 22:43

user151692user151692

62

share|improve this question

asked Jan 2 '13 at 22:43

user151692user151692

62

share|improve this question

asked Jan 2 '13 at 22:43

user151692user151692

62

asked Jan 2 '13 at 22:43

user151692user151692

62

asked Jan 2 '13 at 22:43

user151692user151692

62

1 Answer
1

active

oldest

votes

0

It was a bug in the firewall. Cisco confirmed it. Router restart fixed the problem.

share|improve this answer

answered Jan 10 '13 at 21:10

user151692user151692

62

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  We're seeing similar issues -- did they give you a bug ref at all? what code version is your ASA on?
  
  – user152910
  Jan 10 '13 at 21:57
  
  

  
  
  
  

add a comment | 

protected by Michael Hampton♦ Feb 22 '13 at 15:26

Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



Would you like to answer one of these unanswered questions instead?

0

It was a bug in the firewall. Cisco confirmed it. Router restart fixed the problem.

share|improve this answer

answered Jan 10 '13 at 21:10

user151692user151692

62

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  We're seeing similar issues -- did they give you a bug ref at all? what code version is your ASA on?
  
  – user152910
  Jan 10 '13 at 21:57
  
  

  
  
  
  

add a comment | 

0

It was a bug in the firewall. Cisco confirmed it. Router restart fixed the problem.

share|improve this answer

answered Jan 10 '13 at 21:10

user151692user151692

62

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  We're seeing similar issues -- did they give you a bug ref at all? what code version is your ASA on?
  
  – user152910
  Jan 10 '13 at 21:57
  
  

  
  
  
  

add a comment | 

It was a bug in the firewall. Cisco confirmed it. Router restart fixed the problem.

share|improve this answer

answered Jan 10 '13 at 21:10

user151692user151692

62

share|improve this answer

answered Jan 10 '13 at 21:10

user151692user151692

62

answered Jan 10 '13 at 21:10

user151692user151692

62

answered Jan 10 '13 at 21:10

user151692user151692

62