Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
382
Views
0
Helpful
4
Replies

On demand ping, NEED HELP!!!

huntlee
Level 1
Level 1

‎10-21-2010 02:16 AM - edited ‎03-11-2019 11:58 AM

Dear all NetPro gurus,

I have a WAN scenario with the following scenario:-

Site A (192.168.9.23) ----- WAN ----- Site B (192.168.38.41)

This is what happens:-

At the beginning of day, doesn't matter what the user did at Site B (192.168.38.41), he can't ping 192.168.9.23.

Now if I goto Site A and from 192.168.9.23 (which is a server), i ping to 192.168.38.41, then from that point onwards, Site B can ping to Site A and everything works.

HOWEVER, after next day, everything resumes to before and the scenario repeats that Site B can not ping Site A again until Site A initiate the ping again.

Have anyone see this before???

Cheers,

Hunt

Labels:
0 Helpful
4 Replies 4

Jennifer Halim
Cisco Employee
Cisco Employee

‎10-21-2010 02:41 AM

Is site-A and site-B connected via VPN?

If they are, what type of VPN is it?

IPSec site-to-site VPN? static to dynamic or static to static site-to-site VPN?

If it's IPSec dynamic to static, only the dynamic site can initiate the VPN connection towards the static site. Base on your description so far, it sounds like that.

If it's IPSec VPN, check the lifetime configured, you can make the lifetime longer so the VPN tunnel stays up longer so the static site can still access the dynamic site.

0 Helpful

huntlee
Level 1
Level 1
In response to Jennifer Halim

‎10-21-2010 03:35 AM

it is a static site-to-site VPN.

Also at Site A, there is another server at IP 192.168.3.33, which does NOT have this problem and can be ping and connect to by Site B whenever Site B wants to.  No need to pre-ping from Site A.

Would greatly appreciated your help.

Cheers,

Hunt

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to huntlee

‎10-21-2010 04:27 AM

What device is it? Can you share the config?

Is it a stateful firewall? How is the NAT being configured?

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to huntlee

‎10-21-2010 04:29 AM

Hunt

With the greatest respect you shouldn't post this in both the firewalling an LAN Routing & Switching as it just creates confusion and can waste people's time. In additon on LAN R&S you made no mention of a VPN tunnel and there was no reason we would ask about it as we are dealing with LANs.

I'll post back to the LAN R&S and link it through to here as it seems more appropriate for this forum.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card