Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

one way vpn traffic

I have a IPsec VPN tunnel up, but cannot send traffic across a VPN. The remote site can send traffic to the VPN router. One of the requirements is that all devices must have same public IP. So that is why the Linksys VPN router's Lan address is the 55.x.x.120.

Is it because we are using the public IP on the Linksys lan that it won't send traffic through the VPN?

Or is it because the Cisco VPN server is configured only to allow the one host (the linksys router)?

If I have a computer on the linksys lan at 55.x.x.121 i have no access to the VPN tunnel.

The linksys also has a ping utility. I can ping the remote gateway, but not the remote host 160.x.x.160. This makes me think the router is just going out the WAN to the internet and not using the VPN?

Any insight would be appreciated. Normally i'd be joining two private networks over a VPN tunnel, but Im wondering if it will work with the given restrictions.


Edge router:

NATs 55.x.x.120

access-list UDP 500, 4500 and IP Protocol 50 on

Linksys VPN router:


LAN 55.x.x.120/24 IP address


local subnet: 55.x.x.120/32

remote subnet: 160.x.x.160/32

remote gateway: 160.x.x.150/32

On the remote ASA5520 they have:

local subnet: 160.x.x.160/32

remote subnet: 55.x.x.120/32

remote gateway: 55.x.x.120/32

Cisco Employee

Re: one way vpn traffic

If you use /32 subnet mask for Local and remote subnet, only a single ip address would be part of the tunnel.

Change it to a network, so that it can include more ip addresses.

That should let you ping the host connected to the routers.


New Member

Re: one way vpn traffic

Im sure you're right. We tested as a host to network VPN and it worked. For some reason it had to change to a host to host.


CreatePlease to create content