Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
222
Views
0
Helpful
1
Replies

Remote PIX tunnel - can't see hosts until they connect to me first

cgleaves
Level 1
Level 1

‎12-19-2006 01:04 PM - edited ‎02-21-2020 01:21 AM

I have a remote 501 running an Easy VPN connection back to our HQ ASA 5520s but have noticed that even though the tunnel is built fine I cannot ping from the HQ side to the remote systems until one of them pings me first. I have tried the nem-st-autoconnect which has it's own problems (the dsl router on the remote side chops the connection in the middle causing the 501 to never rebuild the tunnel, I have recreated this in my lab) but in any case I simply want to be able to ping the remote hosts when the tunnel is up but cannot figure out how. I have tried the management-access inside flag which has the same issues. I have a valid tunnel but cannot "see" the remote network until they initiate a connection. Any ideas?

thanks a ton.

0 Helpful
1 Reply 1

AEAvery
Level 1
Level 1

‎12-21-2006 05:43 PM

I have that issue with DHCP remotes. No way for us to know what their outside address will be. They have to open the tunnel. I think I may have stumbled upon a possible solution by using the NTP protocol to work off a server at my HQ. This way, that will occasionally talk to my HQ servers and open the tunnel!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card