Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1230
Views
0
Helpful
2
Replies

packet tracer type vpn subtype encrypt result DROP

clark white
Level 2
Level 2

‎09-19-2017 04:59 AM - edited ‎02-21-2020 06:19 AM

Dears

i have a L2L vpn from branch to HQ and everthing works fine i am adding a new subnet in the vpn access-list exactly as per the cisco recommendation mirror access-list on both ends, But still the connection to the ISE server on port 1645 fails my branch switches are not able to reach the ISE server in HQ.

The strange part is the packet-tracer some time shows me results all ok and within a seconds if i run again it shows me vpn encrypt packet drop.

 

Please find the attached packet tracer output.

 

 

 

 

Labels:
Preview file
7 KB
0 Helpful
2 Replies 2

Flavio Miranda
VIP
VIP

‎09-19-2017 07:42 PM

Hello,

 Should be nice if you put firewall config here. Only one question, does Firewall has route to the new subneteork?

0 Helpful

clark white
Level 2
Level 2
In response to Flavio Miranda

‎09-20-2017 12:18 PM

i can paste the config but i  have routes pretty sure for that

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card