Hi, In case the routing and config is correct, try upgrading to 8.2.3 version, there is a known bug with this behaviour, which is fixed in 8.2.3.
Regards, ~ Harry On 12/12/10, Kingsley Charles <[email protected]> wrote: > Your ACL has multiple ACEs right? Does your 2nd subnet have proper routing? > > With regards > Kings > > On Sun, Dec 12, 2010 at 9:59 AM, Sidney Spencer <[email protected]> wrote: > >> I recently updated a spoke router to a 2911. This router reaches back to >> my hub ASA 5520 via a VPN connection. I am experiencing a strange issue >> as >> follows: >> >> The VPN tunnel is established, the encryption domain configured on both >> sides are configured with two ACL's both reversed from each other. I can >> ping through the tunnel one of the encrypted networks but for some reason >> i >> can not ping the second network. If I do a show crypto ipsec sa peer >> xxx.xxx.xxx.xxx on the hub i show show decaps but no encaps . I checked >> my >> nonat and encryption statements on both sides they are accurate, same ACL >> just different network as the one that is working. >> >> ASA is running 8.2(2) code and 2911 is running 15.0 code. >> >> The thing is I have about 70+ different locations the exact same config >> except different model of routers all reaching back to the HUB. This is >> the >> only one experiencing the problem. >> >> Was wondering if anyone had any thoughts or ran into this issue before. >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
