Cisco Support Community
Community Member

Tunnel not working until remote peer initiate some traffic

Hi all,

I have configured a VPN that only works when we initiate the traffic. If the remote side tries to initiate a connection, it is unable to do so.

Do you know why this is happening?

Just this peer is able to initiate the traffic

access-list outside_cryptomap_1 extended permit ip 1.2.3.0 255.255.255.0 4.5.6.0 255.255.255.0
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES esp-3des esp-none
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_cryptomap_1
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer X.X.X.X
crypto map outside_map 1 set transform-set ESP-3DES

7 REPLIES

Re: Tunnel not working until remote peer initiate some traffic

Do you have a 'dynamic' crypto map setup at one side? In that case only the side with the static crypto map can initiate the connection.

Regards

Farrukh

Community Member

Re: Tunnel not working until remote peer initiate some traffic

I haven't. There is no dynamic crypto at the other side.

Re: Tunnel not working until remote peer initiate some traffic

Please post more details about the setup.

What are the VPN terminating devices, IOS?

Are you using NAT-T?

What is the routing configuration?

Regards

Farrukh

Community Member

Re: Tunnel not working until remote peer initiate some traffic

The VPN terminating device is IOS.

I don't have the information on whether the VPN terminating device is using NAT-T; the only information about the VPN terminating device that I have is this:

crypto isakmp policy 4
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key
crypto ipsec transform-set ZZZZZ esp-3des
crypto map XXX 11 ipsec-isakmp
 set peer Y.Y.Y.Y
 set transform-set ZZZZZ
 match address AAAAA
ip access-list extended AAAAA

About the routing, I have a branch office that arrives via L2L up to the VPN, and the traffic is forwarded to the tunnel. As far as the routing is concerned, it is okay.

Thank you
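
Added example, not part of any post in this thread and not Cisco tooling: a short Python script that parses the phase 2 settings out of the two configuration snippets posted above and lists the ones that differ, a quick first check when only one side can bring a tunnel up. The IOS snippet is partial, so a setting missing from it may simply not have been posted; the function names are hypothetical.

```python
# Constructed from the two configuration snippets posted in this thread.
ASA_CONFIG = """\
crypto ipsec transform-set ESP-3DES esp-3des esp-none
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 1 match address outside_cryptomap_1
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer X.X.X.X
crypto map outside_map 1 set transform-set ESP-3DES
"""
IOS_CONFIG = """\
crypto ipsec transform-set ZZZZZ esp-3des
crypto map XXX 11 ipsec-isakmp
 set peer Y.Y.Y.Y
 set transform-set ZZZZZ
 match address AAAAA
"""

def phase2_settings(config):
    """Return the phase 2 settings of the crypto map entry in `config`.

    Handles the ASA one-line form ("crypto map NAME SEQ set ...") and the
    IOS sub-command form (" set ..." under "crypto map NAME SEQ ipsec-isakmp").
    """
    transform_sets, applied, pfs = {}, None, None
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["crypto", "ipsec", "transform-set"]:
            # "esp-none" (ASA) means no ESP authentication, same as omitting it.
            transform_sets[words[3]] = set(words[4:]) - {"esp-none"}
        if words[:2] == ["crypto", "map"]:
            words = words[4:]  # drop "crypto map NAME SEQ"
        if words[:2] == ["set", "transform-set"]:
            applied = words[2]
        elif words[:2] == ["set", "pfs"]:
            pfs = words[2] if len(words) > 2 else "default"
    return {"transforms": transform_sets.get(applied, set()), "pfs": pfs}

def compare(side_a, side_b):
    """List phase 2 settings that differ between the two parsed sides."""
    return sorted(k for k in side_a if side_a[k] != side_b[k])

if __name__ == "__main__":
    asa, ios = phase2_settings(ASA_CONFIG), phase2_settings(IOS_CONFIG)
    for key in compare(asa, ios):
        print(f"{key}: ASA={asa[key]!r} IOS={ios[key]!r}")
```

On the posted snippets the transform sets normalise to the same value and the only visible difference is `set pfs group1`, which appears on the ASA side and not in the IOS excerpt.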

Re: Tunnel not working until remote peer initiate some traffic

Sorry I was away, please let me know if this issue is still open.

Regards

Farrukh

Community Member

Re: Tunnel not working until remote peer initiate some traffic

Yes, it is still open.

Community Member

Re: Tunnel not working until remote peer initiate some traffic

do a sh crypto isakmp sa

deb isakmp 255 and post the output
