Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Hub and spoke VPN issue - probably simple

Hello,

I setup a Hub & Spoke VPN configuration as a temporary solution to get phones working at a client with 5 Sites. 

Site A: HQ and main PBX System - Cisco ASA 5520

Sites B-E: Remote Sites with PBX systems with ASA 5505's

I configured my crypto access-lists to allow all interesting traffic to/from all sites, and it's working for the most part. 

Refer to this short discussion for further reference

https://supportforums.cisco.com/message/4162268#4162268

Recently the customer started saying sometimes the call forwarding between sites isn't working correctly.  Upon further testing, it seems that you have to ping to/from both ends of the Spokes before traffic will start passing through properly.

E.g.

Site B wants to talk to Site C

I need to initiate a ping on Site B to Site C which fails

Initiate a ping on Site C to Site B and the first packet drops, then the rest go through

Initiate Ping on Site B to Site C and all works just fine.

Traffic going to/from Site A to/from any remote site (Sites B-E) works fine 100% of the time.

This is happening for all remote sites.  When traffic has been initiated on both ends, it works just fine, but after a specific timeout it appears to stop working.

Probably something simple I'm missing.  Any help is greatly appreciated.

(Also, kind of silly but I realize that I didn't need same-security-traffic on each spoke, correct?)

Everyone's tags (4)
178
Views
0
Helpful
0
Replies
CreatePlease login to create content