We have VPN established between MERAKI and ASA. Interesting Traffic is assigned .
But at some point of time some of LAN subnets in Interesting traffic from meraki side are not able to reach ASA. The tunnel is working fine rest of the subnets are able to reach the remote ASA peer through tunnel.
No issues observed from ASA end i.e All LAN subnets from ASA are able to reach meraki lan IP's.
I have advertised all my lan subnets with 255.255.0.0. subnet on both sides of peers. Can u please suggest me a solution for this? Thanks in advance.
My guess is their is a mis-match between the encryption domains between the two sides. Which subnets work may well depend on which end brings up the VPN.
Make sure the encryption domain on both sides is 100% identical.
Mismatch in encryption domain means in IPSEC phase or ISAKMP phase?
However both encryption domains are identical in two phases. I can see VPN status in ASA packets encryption and decryption and error rate.
from ASA LAN I am able to reach the meraki LAN ip through VPN tunnel. Vice versa is not possible for specific subnets in meraki LAN sometimes. when I reset tunnel everything is working fine.
After some time again from meraki side only problem repeats.
Maybe the keepalives are being disabled.
Drop tunnel and try some debugging