cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
282
Views
0
Helpful
1
Replies

ASA to VPN3015 Site-to-site Tunnel - One Way Traffic

tom.gill
Level 1
Level 1

Scenario:

-ASA5505 v7.2(3) at remote site (public IP)

-VPN3015 v4.7.2

The site-to-site tunnel comes up. When I do 'show crypto ipsec sa' I can see traffic being transmitted FROM the ASA and received by the VPN3015. The problem is I see no traffic being transmitted by the VPN3015 and no traffic being received by the ASA.

I have a static route in the VPN3015 pointing to the network behind it. Also, the devices behind the VPN3015 have routes back to the remote site via the VPN3015.

This is a standard site-to-site tunnel in tunnel mode. Nothing special. No NAT, no fancy filters, etc.

I can't seem to figure this out. It would be awesome if someone had an idea for me.

Thanks!

1 Reply 1

iraban
Level 1
Level 1

Normally when you see traffic on one side and none on the other, its a ACL problem

Check the ACL on the ASA and the local and remote subnets on the 3015, they should be the opposite mirror each other(3015 should point to ASA and ASA should point to 3015) the ACLS will be exactly the opposites.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: