thanks all, i ended up upgrading to 8.2(3) an rebooting the issue is gone now..
On Sun, Dec 12, 2010 at 9:23 AM, Harshit singh <[email protected]> wrote: > Hi, > > In case the routing and config is correct, try upgrading to 8.2.3 > version, there is a known bug with this behaviour, which is fixed in > 8.2.3. > > Regards, > > ~ Harry > > On 12/12/10, Kingsley Charles <[email protected]> wrote: > > Your ACL has multiple ACEs right? Does your 2nd subnet have proper > routing? > > > > With regards > > Kings > > > > On Sun, Dec 12, 2010 at 9:59 AM, Sidney Spencer <[email protected]> > wrote: > > > >> I recently updated a spoke router to a 2911. This router reaches back > to > >> my hub ASA 5520 via a VPN connection. I am experiencing a strange issue > >> as > >> follows: > >> > >> The VPN tunnel is established, the encryption domain configured on both > >> sides are configured with two ACL's both reversed from each other. I > can > >> ping through the tunnel one of the encrypted networks but for some > reason > >> i > >> can not ping the second network. If I do a show crypto ipsec sa peer > >> xxx.xxx.xxx.xxx on the hub i show show decaps but no encaps . I checked > >> my > >> nonat and encryption statements on both sides they are accurate, same > ACL > >> just different network as the one that is working. > >> > >> ASA is running 8.2(2) code and 2911 is running 15.0 code. > >> > >> The thing is I have about 70+ different locations the exact same config > >> except different model of routers all reaching back to the HUB. This is > >> the > >> only one experiencing the problem. > >> > >> Was wondering if anyone had any thoughts or ran into this issue before. > >> _______________________________________________ > >> For more information regarding industry leading CCIE Lab training, > please > >> visit www.ipexpert.com > >> > >> > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
