Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

IPSec between two ASAs initiated from one side only

We have a configured IPSec between two ASA firewalls.


Initiate traffic from 1st office to 2nd office - IPSec goes UP

Initiate traffic from 2nd office to 1st office - no reaction.

But even IPSec is UP I see some Tx Bytes and 0 Rx Bytes on 1st site and 0 Tx Bytes and some Rx Bytes.

All others IPSec VPNs are working fine. Problem only with this one.

Everyone's tags (1)
Cisco Employee

Hi , It seems like the

Hi ,


It seems like the traffic from 2nd office is not reaching the 1st site and thus does not bring the VPN tunnel up . This is evident from the fact that you receive 0 bytes on the 1st site from remote side.

Please make sure you have correct routing and nat-exempt on the 2nd office as the packets are reaching 2nd office but are not leaving for 1st office.

Use packet tracer utility shown here to confirm the right nat-exempt is being used or not.

Hope this helps.
Dinesh Moudgil


P.S. Please rate helpful posts.

New Member

Hi Dinesh,First time I

Hi Dinesh,

First time I thought about problem with NAT. But packet-tracer shows me that all is working fine. After doublecheck the configuration I tried to find some solution in knowledgebase. It's a firmware 8.2(1) bug. Workaround - reboot device or update firmware.

Regards, Taras

CreatePlease to create content