Cisco Support Community

Hub and spoke VPN issue - probably simple

Hello,

I set up a Hub & Spoke VPN configuration as a temporary solution to get phones working at a client with 5 Sites.

Site A: HQ and main PBX System - Cisco ASA 5520

Sites B-E: Remote Sites with PBX systems with ASA 5505s

I configured my crypto access-lists to allow all interesting traffic to/from all sites, and it's working for the most part. 

Refer to this short discussion for further reference

https://supportforums.cisco.com/message/4162268#4162268

Recently the customer started saying sometimes the call forwarding between sites isn't working correctly.  Upon further testing, it seems that you have to ping to/from both ends of the Spokes before traffic will start passing through properly.

E.g.

Site B wants to talk to Site C

I need to initiate a ping on Site B to Site C which fails

Initiate a ping on Site C to Site B and the first packet drops, then the rest go through

Initiate Ping on Site B to Site C and all works just fine.

Traffic going to/from Site A to/from any remote site (Sites B-E) works fine 100% of the time.

This is happening for all remote sites.  When traffic has been initiated on both ends, it works just fine, but after a specific timeout it appears to stop working.

Probably something simple I'm missing.  Any help is greatly appreciated.

(Also, kind of silly but I realize that I didn't need same-security-traffic on each spoke, correct?)
