New Member

ASA 5540 x Juniper VPN works only one way

I have a VPN tunnel between a Cisco ASA firewall and a Juniper firewall. Phase 1 and phase 2 are OK and the traffic going from the ASA to the Juniper is OK, but the other side, from the Juniper to the ASA, doesn't work.

Could you help me ?

My local network is 10.0.0.0/8 and remote network is 10.162.8.0/21.

3 REPLIES
Hall of Fame Super Silver

Most likely the remote site either does not route properly to the Juniper for destinations on your network or, if they do, they fail to exempt the traffic from NAT. Since your network addresses are a superset of theirs, it poses some additional considerations and potential problems.

You'd need to work with the Juniper firewall admin to look into those and other causes.

New Member

Thank you.

New Member

When you say that the traffic from the Juniper side is not working, is it a host behind the Juniper that tries to pass across the tunnel?

When the traffic is initiated from behind the Juniper, do you see the decrypt counts increasing on the ASA?

# show crypto ipsec sa peer <Juniper side's public IP>

Start traffic from the Juniper side and run the above commands a couple of times to see if the encrypts and decrypts are increasing.

If the decrypts don't increase, it would mostly be an issue with the routing or encryption on the Juniper side.

As Marvin has pointed out, check if the source nat off is present on the Juniper side if this is an SRX box.
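
The counter comparison suggested in the reply above can be scripted. This is an added example, not part of the original thread: it parses two captures of `show crypto ipsec sa peer` output and reports which counters moved per SA. The sample output, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample: two captures of "show crypto ipsec sa peer <IP>" taken
# while a host behind the Juniper sends traffic (addresses are placeholders).
SNAP_1 = """\
    Crypto map tag: outside_map, seq num: 10, local addr: 192.0.2.1
      local ident (addr/mask/prot/port): (10.0.0.0/255.0.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.162.8.0/255.255.248.0/0/0)
      current_peer: 198.51.100.2
      #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""
SNAP_2 = SNAP_1.replace("120", "185")  # second capture: only encrypts grew

IDENT = re.compile(r"(local|remote) ident \(addr/mask/prot/port\): \((\S+?)/(\S+?)/")
COUNTER = re.compile(r"#pkts (encaps|encrypt|decaps|decrypt): (\d+)")

def parse_sa(text):
    """Return {(local_net, remote_net): {counter: value}} for each SA block."""
    sas, ident, key = {}, {}, None
    for line in text.splitlines():
        m = IDENT.search(line)
        if m:
            ident[m.group(1)] = f"{m.group(2)}/{m.group(3)}"
            if m.group(1) == "remote":  # remote ident closes the SA header
                key = (ident.get("local"), ident["remote"])
                sas[key] = {}
        elif key:
            for name, value in COUNTER.findall(line):
                sas[key][name] = int(value)
    return sas

def diagnose(before, after):
    """Compare two captures and classify each SA by which counters moved."""
    result, first = {}, parse_sa(before)
    for key, now in parse_sa(after).items():
        prev = first.get(key, {})
        enc = now.get("encrypt", 0) - prev.get("encrypt", 0)
        dec = now.get("decrypt", 0) - prev.get("decrypt", 0)
        verdict = ("decrypts increasing: Juniper-side traffic reaches the ASA" if dec > 0
                   else "encrypts only: check routing, encryption or NAT exemption on the Juniper side"
                   if enc > 0 else "no change: no traffic matched this SA between captures")
        result[key] = {"encrypt_delta": enc, "decrypt_delta": dec, "verdict": verdict}
    return result

if __name__ == "__main__":
    for sa, info in diagnose(SNAP_1, SNAP_2).items():
        print(sa, info)
```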
