ASA to VPN3015 Site-to-site Tunnel - One Way Traffic

Unanswered Question

Scenario:

-ASA5505 v7.2(3) at remote site (public IP)

-VPN3015 v4.7.2


The site-to-site tunnel comes up. When I do 'show crypto ipsec sa' I can see traffic being transmitted FROM the ASA and received by the VPN3015. The problem is I see no traffic being transmitted by the VPN3015 and no traffic being received by the ASA.


I have a static route in the VPN3015 pointing to the network behind it. Also, the devices behind the VPN3015 have routes back to the remote site via the VPN3015.



This is a standard site-to-site tunnel in tunnel mode. Nothing special. No NAT, no fancy filters, etc.


I can't seem to figure this out. It would be awesome if someone had an idea for me.


Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
iraban Fri, 02/22/2008 - 08:48

Normally when you see traffic on one side and none on the other, its a ACL problem

Check the ACL on the ASA and the local and remote subnets on the 3015, they should be the opposite mirror each other(3015 should point to ASA and ASA should point to 3015) the ACLS will be exactly the opposites.


Actions

This Discussion