One-way VPN communication

Aug 24th, 2010


I have a site-to-site VPN between ASA & PIX. The configurations are perfectly alright. But the problem is that only when I initiate traffic from the PIX side do the ASA side hosts respond. It is like it responds 1 to 1, i.e. if PIX side host A initiates traffic to ASA side host A, it will only respond to PIX side host A & not to all other hosts. If other hosts have to respond from the ASA side, all other hosts on the PIX side should initiate. Not sure what could be the problem here. Any ideas?

uwkleinh Tue, 08/24/2010 - 10:31

I recommend you double check your crypto ACLs one more time and ensure your subnet masks are matching correctly. It sounds to me that once the IPSec SA is up, traffic flows correctly. Also ensure that you don't have an interface ACL applied somewhere, because the ASA is stateful and therefore traffic could initiate a connection from one direction but it could fail in the other perhaps.

Let us know if you make progress.
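
The crypto ACL check suggested in the reply above, as an added example that is not part of the original thread: it parses the `permit ip` entries from each peer's crypto ACL and reports any entry that has no exact mirror image (same networks, same masks, reversed) on the other side. The ACL name `VPN` and all subnets are constructed sample values, and the parser assumes only `any`, `host A.B.C.D`, or `A.B.C.D MASK` address forms.

```python
import ipaddress

# Constructed sample crypto ACLs (not taken from the thread).
# The PIX entry uses a /24 where the ASA entry uses a /16.
ASA_ACL = "access-list VPN extended permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.0.0\n"
PIX_ACL = "access-list VPN permit ip 10.20.0.0 255.255.255.0 192.168.10.0 255.255.255.0\n"


def _take_net(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # strict=False tolerates host bits set in the address portion
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)


def parse_crypto_acl(text):
    """Return the set of (source, destination) networks from 'permit ip' lines."""
    pairs = set()
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "access-list" or "permit" not in tokens:
            continue
        rest = tokens[tokens.index("permit") + 1:]
        if not rest or rest[0] != "ip":
            continue
        rest = rest[1:]
        src = _take_net(rest)
        dst = _take_net(rest)
        pairs.add((src, dst))
    return pairs


def mirror_mismatches(local_text, peer_text):
    """List entries lacking an exact reversed counterpart on the other peer.

    Both lists are written from the local device's point of view (src -> dst).
    """
    local = parse_crypto_acl(local_text)
    peer_mirrored = {(d, s) for s, d in parse_crypto_acl(peer_text)}
    fmt = lambda pairs: sorted(f"{s} -> {d}" for s, d in pairs)
    return {"local_only": fmt(local - peer_mirrored),
            "peer_only": fmt(peer_mirrored - local)}


if __name__ == "__main__":
    print(mirror_mismatches(ASA_ACL, PIX_ACL))
```

Empty `local_only` and `peer_only` lists mean the two crypto ACLs are exact mirrors; interface ACLs, which the reply also mentions, are not covered by this check.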


