
Application Traffic Only traversing IPSEC tunnel one way

jjessen
Level 1

I have an IPSEC tunnel over an ISDN link.

An FTP host and client at either end.

With IPSEC disabled - all is well.

With IPSEC enabled the following symptoms occur:

1. FTP traffic from the client traverses the tunnel, connects to the host and is sent out the remote router interface, but never reaches the local interface.

2. all other traffic going to a host/client at either end is the same if initiated from the router or a client/host on a local LAN.

3. all traffic initiated from either tunnel end point to the other tunnel end point is good.

FTP client - 7204VXR(ik9s-12.2.6) to 2611(ik9s-12.2.6) to FTP host

Configs check out good.

ACLs are good.

Debugs and sh crypto tell me that ISAKMP and IPSEC are up and happening.

My only other option is to upgrade the IOS as I am stumped!!!

1 Reply

steve.barlow
Level 7

Did it ever work?

Do your ACLs permit the return traffic (is it passive or active FTP), or do you permit IP through the tunnel (i.e., not based on TCP port)?

Steve
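
The difference between a TCP-port-based ACL and one that permits IP, which the reply above asks about, can be checked with a small model. This is an added example, not part of the thread or either poster's configuration: the addresses, ephemeral ports and the tuple-based ACL model are constructed assumptions, and entries are treated as mirrored between the two tunnel ends.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing; none of these values come from the thread.
CLIENT, SERVER = "10.1.1.10", "10.2.2.20"
CLIENT_LAN, SERVER_LAN = "10.1.1.0/24", "10.2.2.0/24"

# Hypothetical ACL entry model: (protocol, src_net, src_port, dst_net, dst_port).
# A port of None means "any port".
PORT_BASED = [("tcp", CLIENT_LAN, None, SERVER_LAN, 21)]   # matches FTP control only
IP_BASED = [("ip", CLIENT_LAN, None, SERVER_LAN, None)]    # matches all IP between the LANs


def mirror(acl):
    """ACL as the far-end router needs it: source and destination swapped."""
    return [(p, dnet, dp, snet, sp) for p, snet, sp, dnet, dp in acl]


def permits(acl, pkt):
    """True if any entry matches pkt = (proto, src_ip, src_port, dst_ip, dst_port)."""
    proto, sip, sport, dip, dport = pkt
    return any(
        p in ("ip", proto)
        and ip_address(sip) in ip_network(snet)
        and ip_address(dip) in ip_network(dnet)
        and sp in (None, sport)
        and dp in (None, dport)
        for p, snet, sp, dnet, dp in acl
    )


def ftp_flows(c_ctl=40000, c_data=40001, s_pasv=50000):
    """Both directions of each FTP connection (ephemeral ports are constructed)."""
    def pair(a, ap, b, bp):
        return [("tcp", a, ap, b, bp), ("tcp", b, bp, a, ap)]
    return {
        "control": pair(CLIENT, c_ctl, SERVER, 21),
        "active-data": pair(SERVER, 20, CLIENT, c_data),    # server connects back from port 20
        "passive-data": pair(CLIENT, c_data, SERVER, s_pasv),  # client connects to a high port
    }


def coverage(acl):
    """Per flow: are both directions matched by the ACL or its far-end mirror?"""
    both = acl + mirror(acl)
    return {name: all(permits(both, p) for p in pkts) for name, pkts in ftp_flows().items()}


if __name__ == "__main__":
    for label, acl in (("port-based", PORT_BASED), ("ip-based", IP_BASED)):
        print(label, coverage(acl))
```

In this model the port-21 entry covers the control connection in both directions but neither the active nor the passive data connection, while the IP entry covers all three.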