I have an IPSec tunnel to a customer location, very basic configuration on both ends. Tunnel is up, but for some reason I cannot ping the customer equipment unless he pings me first. I can reach each IP address only after I have been pinged from that IP address. I believe it has to be a firewall issue on their end, but the customer insists they are not blocking anything from us. Can anybody think of another reason this issue would take place? Thank you.
Have you looked at your ACL for interesting traffic? It has to match exactly, at both ends. Also, make sure that you're routing properly to them. From the description, it seems to be a VPN misconfiguration issue, and not a firewall one.
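One way to run the "match exactly, at both ends" check from the reply above, as an added example that is not part of the original thread. It assumes the interesting-traffic entries of each peer have been copied out by hand as (local CIDR, remote CIDR) pairs; the function names and all addresses are constructed for illustration.

```python
import ipaddress

def _norm(selectors):
    """Parse (local, remote) CIDR string pairs into ip_network tuples."""
    return {(ipaddress.ip_network(l), ipaddress.ip_network(r)) for l, r in selectors}

def mirror_mismatches(side_a, side_b):
    """Compare the interesting-traffic selectors of two IPsec peers.

    Each argument lists (local_cidr, remote_cidr) pairs as seen from that
    peer. Returns a list of findings; an empty list means every entry on one
    side has an exact mirror image on the other.
    """
    a, b = _norm(side_a), _norm(side_b)
    b_from_a = {(r, l) for l, r in b}  # swap B's entries to A's point of view
    findings = []
    for local, remote in sorted(a - b_from_a, key=str):
        near = sorted(((l, r) for l, r in b_from_a
                       if local.overlaps(l) and remote.overlaps(r)), key=str)
        if near:
            # Same traffic is partly covered, but the prefixes are not identical.
            l, r = near[0]
            findings.append(f"A {local}->{remote} overlaps but differs from "
                            f"mirror of B ({l}->{r})")
        else:
            findings.append(f"A {local}->{remote} has no mirror on B")
    for local, remote in sorted(b_from_a - a, key=str):
        if not any(local.overlaps(l) and remote.overlaps(r) for l, r in a):
            findings.append(f"B {remote}->{local} has no mirror on A")
    return findings

# Constructed sample: A protects a /16, B expects only a /24 out of it.
SIDE_A = [("10.1.0.0/16", "192.168.50.0/24")]
SIDE_B = [("192.168.50.0/24", "10.1.10.0/24")]
# Constructed sample: exact mirror images, as the reply recommends.
SIDE_B_FIXED = [("192.168.50.0/24", "10.1.0.0/16")]

if __name__ == "__main__":
    for line in mirror_mismatches(SIDE_A, SIDE_B) or ["selectors mirror exactly"]:
        print(line)
```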