
Application Traffic Only traversing IPSEC tunnel one way

I have an IPSEC tunnel over an ISDN link.

An FTP host and client at either end.

With IPSEC disabled - all is well.

With IPSEC enabled the following symptoms occur:

1. FTP traffic from the client traverses the tunnel, connects to the host and is sent out the remote router interface, but never reaches the local interface.

2. all other traffic going to a host/client at either end is the same if initiated from the router or a client/host on a local LAN.

3. all traffic initiated from either tunnel end point to the other tunnel end point is good.

ftp client - 7204VXR(ik9s-12.2.6) to 2611(ik9s-12.2.6) to ftp host

Configs check out good.

ACLs are good.

Debugs and sh crypto tell me that ISAKMP and IPSEC are up and happening.

My only other option is to upgrade the IOS as I am stumped!!!


Re: Application Traffic Only traversing IPSEC tunnel one way

Did it ever work?

Do your ACLs permit the return traffic (is it passive or active FTP), or do you permit IP through the tunnel (i.e. not based on TCP port)?