You can enable logging and check if it goes out and why it is dropped: logging buffered 7 logg on
show logg will reveal all the info. Regards, Piotr 2011/9/23 parvez ahmad <[email protected]> > > Hi Piotr, >> > > IPsec phase 2 is working fine packets are encrypting and decrypting > for 10.50.0.0 subnet. Crypto ACLs are mirror. > > Is there any way to check where the packet is dropping. Except this site > all remote site are synchronized with ntp server. > > Regards, > Parvez > > > > >> ------------------------------ >> >> Message: 4 >> Date: Thu, 22 Sep 2011 15:53:21 +0200 >> From: Piotr Matusiak <[email protected]> >> To: parvez ahmad <[email protected]> >> Cc: [email protected] >> Subject: Re: [OSL | CCIE_Security] NTP Authentication on ASA >> Message-ID: >> < >> cahlkuyq45cdmmjzdofwkpjo4y2svfqgf9q0gyxxjdjnjt9u...@mail.gmail.com> >> Content-Type: text/plain; charset="iso-8859-1" >> >> Do you have routing and Crypto_ACL configured correctly? When the remote >> ASA >> tries to sync with NTP server it sources the traffic from the outside - do >> you have this in crypto_acl? >> >> Regards, >> Piotr >> >> >> 2011/9/22 parvez ahmad <[email protected]> >> >> > Hi All >> > >> > Topology is >> > >> > NTP >> > >> Server------(inside)ASA1(outside)-----------Internet---------(Outside)ASA2(inside)----------Lan >> > >> > ASA1 and ASA2 are connected through site to site VPN. Phase1 and Phase2 >> are >> > working fine. >> > >> > but ASA1 is synchronized with NTP Server but ASA2 is not. >> > >> > I checked with NTP Debug , we are getting Xmit packet but not reciveing >> > packet. >> > >> > even configuration and NTP authentication key are same. On ASA1 Server >> > inside in command and ASA2 server outside. >> > >> > What the we need to check for Synchronizing ASA2 with NTP server. >> > >> > >> > Regards, >> > Parvez >> > >> > -- >> > Parvez Ahmad >> > >> > >> > _______________________________________________ >> > For more information regarding industry leading CCIE Lab training, >> please >> > visit www.ipexpert.com >> > >> > Are you a CCNP or CCIE and looking for a job? Check out >> > www.PlatinumPlacement.com >> > >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: >> </archives/ccie_security/attachments/20110922/eff37755/attachment-0001.html> >> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
