Is the ASA configured for VPN correctly? Check your tunnel group configuration. If outbound is working and inbound is not working, then that means the ASA is not able to receive the VPN traffic properly.
One instance is, if you are using certificates and have not configured trustpoint in the tunnel group but have configured it on the crypto map.

Snippet from http://www.cisco.com/en/US/docs/security/asa/asa70/system/message/logmsgs.html#wp1285757

710006

Error Message %PIX|ASA-7-710006: *protocol* request discarded from *source_address* to *interface_name:dest_address*

Explanation: This message appears when the security appliance does not have an IP server that services the IP protocol request; for example, the security appliance receives IP packets that are not TCP or UDP, and the security appliance cannot service the request.

Recommended Action: In networks that heavily utilize broadcasting services such as DHCP, RIP or NetBios, the frequency of this message can be high. If this message appears in excessive numbers, it may indicate an attack.

With regards
Kings

On Wed, May 18, 2011 at 10:29 AM, Serious CCIE <[email protected]> wrote:

> asa in single mode, no nat-control
>
> R1-------ASA
> straight IOS to ASA l2l tunnel.
>
> in what case I should see "%ASA-7-710006: ESP request discarded from"
> error?
>
> inbound to outbound is working but not inbound.
>
> sysopt connection permit is enabled. Why would I need a ACL to permit ESP?
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
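The 710006 message format quoted in the reply can be tallied per protocol and source to see whether the discards come from one tunnel peer or from background traffic. The following is an added example and not part of the original thread; the sample log lines, the addresses (documentation ranges) and the threshold value are constructed assumptions.

```python
import re
from collections import Counter

# Format from the quoted Cisco entry:
# %PIX|ASA-7-710006: protocol request discarded from source_address
#                    to interface_name:dest_address
MSG_710006 = re.compile(
    r"%(?:PIX|ASA)-7-710006: (?P<proto>\S+) request discarded from "
    r"(?P<src>\S+) to (?P<ifc>[^:\s]+):(?P<dst>\S+)"
)

# Constructed sample syslog lines (not real captures). The 710005 line is the
# TCP/UDP sibling message and must not be counted as 710006.
SAMPLE_LOG = """\
May 18 2011 10:21:03: %ASA-7-710006: ESP request discarded from 192.0.2.1 to outside:192.0.2.2
May 18 2011 10:21:04: %ASA-7-710006: ESP request discarded from 192.0.2.1 to outside:192.0.2.2
May 18 2011 10:21:05: %ASA-7-710005: UDP request discarded from 198.51.100.7/137 to inside:198.51.100.255/137
May 18 2011 10:21:06: %ASA-7-710006: ESP request discarded from 192.0.2.1 to outside:192.0.2.2
May 18 2011 10:21:07: %ASA-7-710006: IGMP request discarded from 203.0.113.9 to inside:224.0.0.1
May 18 2011 10:21:08: %PIX-7-710006: OSPF request discarded from 203.0.113.5 to inside:224.0.0.5
"""

def parse_710006(line):
    """Return the message fields as a dict, or None for any other line."""
    m = MSG_710006.search(line)
    return m.groupdict() if m else None

def summarize(log_text):
    """Count discards per (protocol, source, interface, destination)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_710006(line)
        if fields:
            key = (fields["proto"], fields["src"], fields["ifc"], fields["dst"])
            counts[key] += 1
    return counts

def excessive(counts, threshold):
    """Flows at or above an operator-chosen threshold (assumption: tune per network)."""
    return sorted(key for key, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    counts = summarize(SAMPLE_LOG)
    for key, n in counts.most_common():
        print(n, *key)
    print("excessive:", excessive(counts, threshold=3))
```

Repeated ESP discards from the configured L2L peer point at the tunnel configuration on the ASA, while scattered multicast or routing-protocol entries match the background noise the Cisco text describes.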
