BusinessUser
Contributor

SSL VPN and site to site vpn troubleshooting

I have a user who can successfully VPN into firewall A.

There is site to site vpn established successfully between firewall A and firewall B.

User is trying to reach a subnet on firewall B.

The traffic was sent from firewall A with a certain number of bytes but received with 0 bytes.

Firewall B did not receive the traffic.

Static route was also configured correctly.

What is the possible issue?

hbac
Staff

Hi @BusinessUser.,

 

Please run the following debug flow to see if the traffic is being dropped:

 

di deb disable
di deb res
diagnose debug flow filter clear
di deb flow filter saddr x.x.x.x      <<<Source IP
di deb flow filter daddr x.x.x.x      <<<Destination IP
diagnose debug flow show function-name enable
di deb flow show iprope en
diagnose debug console timestamp enable
diagnose debug flow trace start 500
diagnose debug enable

 

Regards, 
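
Added example (not part of the original post, and not Fortinet tooling): a short Python script that groups captured debug flow lines by trace_id and reports, per packet, the ingress interface, the egress interface chosen by the route lookup, the matched policy, and any drop reason. The sample lines are constructed; their message wording, the interface names `to-siteB` and `wan1`, and the policy IDs are assumptions modelled on typical debug flow output and may differ on your FortiOS version.

```python
import re

# Constructed sample modelled on the general shape of FortiOS debug flow output
# (timestamp, id=, trace_id=, func=, line=, msg="..."). Addresses, policy IDs and
# interface names are made up; exact message wording varies by FortiOS version.
SAMPLE = """\
2024-05-01 10:00:01 id=65308 trace_id=1 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=1, 10.212.134.200:1->192.168.20.10:2048) from ssl.root. type=8, code=0, id=1, seq=1."
2024-05-01 10:00:01 id=65308 trace_id=1 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-192.168.20.10 via to-siteB"
2024-05-01 10:00:01 id=65308 trace_id=1 func=fw_forward_handler line=881 msg="Allowed by Policy-12:"
2024-05-01 10:00:01 id=65308 trace_id=1 func=ipsec_common_output4 line=804 msg="No matching IPsec selector, drop"
2024-05-01 10:00:05 id=65308 trace_id=2 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=1, 10.212.134.200:1->192.168.30.10:2048) from ssl.root. type=8, code=0, id=1, seq=2."
2024-05-01 10:00:05 id=65308 trace_id=2 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-203.0.113.1 via wan1"
2024-05-01 10:00:05 id=65308 trace_id=2 func=fw_forward_handler line=881 msg="Allowed by Policy-3: SNAT"
2024-05-01 10:00:09 id=65308 trace_id=3 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=1, 10.212.134.200:1->192.168.20.11:2048) from ssl.root. type=8, code=0, id=1, seq=3."
2024-05-01 10:00:09 id=65308 trace_id=3 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-192.168.20.11 via to-siteB"
2024-05-01 10:00:09 id=65308 trace_id=3 func=fw_forward_handler line=726 msg="Denied by forward policy check (policy 0)"
"""

LINE = re.compile(r'trace_id=(\d+) func=\S+ line=\d+ msg="(.*)"')
PKT = re.compile(r'received a packet\(proto=\d+, ([\d.]+):\d+->([\d.]+):\d+\).*? from (\S+)\. ')
ROUTE = re.compile(r'find a route: .* via (\S+)')
POLICY = re.compile(r'Allowed by Policy-(\d+)')
DROP = re.compile(r'drop|denied', re.IGNORECASE)
FIELDS = ("src", "dst", "ingress", "egress", "policy", "reason")

def summarize(text):
    """Group debug flow lines by trace_id and report each packet's fate."""
    traces = {}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skip CLI prompts, blank lines, anything that is not a flow line
        t = traces.setdefault(m.group(1), {"verdict": "no drop seen", **dict.fromkeys(FIELDS)})
        msg = m.group(2)
        if (p := PKT.search(msg)):
            t["src"], t["dst"], t["ingress"] = p.groups()
        elif (r := ROUTE.search(msg)):
            t["egress"] = r.group(1)  # interface the route lookup selected
        elif (a := POLICY.search(msg)):
            t["policy"] = int(a.group(1))
        elif DROP.search(msg):
            t["verdict"], t["reason"] = "dropped", msg
    return list(traces.values())

if __name__ == "__main__":
    for t in summarize(SAMPLE):
        print(t)
```

In the constructed sample, trace 2 is the case to look for when a packet leaves firewall A but never reaches firewall B: no drop is logged, yet the route lookup picked `wan1` instead of the tunnel interface.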

AEK
SuperUser

Just try to NAT your traffic in the policy. Not necessarily a final solution, but just try to see.


mle2802
Staff

Hi @BusinessUser,

In addition to Hong's reply, can you also run a sniffer using

diag sniffer packet any "host X.X.X.X" 4 0 l
