I recently updated a spoke router to a 2911. This router reaches back to my hub ASA 5520 via a VPN connection. I am experiencing a strange issue as follows:
The VPN tunnel is established, and the encryption domain on both sides is configured with two ACLs, both reversed from each other. I can ping one of the encrypted networks through the tunnel, but for some reason I cannot ping the second network. If I do a show crypto ipsec sa peer xxx.xxx.xxx.xxx on the hub, I show decaps but no encaps. I checked my nonat and encryption statements on both sides; they are accurate, the same ACL as the one that is working, just a different network. The ASA is running 8.2(2) code and the 2911 is running 15.0 code. The thing is, I have about 70+ different locations with the exact same config, except for different models of routers, all reaching back to the hub. This is the only one experiencing the problem. I was wondering if anyone had any thoughts or has run into this issue before.
