Cisco Support Community
New Member

IPSec between two ASAs initiated from one side only

We have a configured IPSec between two ASA firewalls.

Situation:

Initiate traffic from 1st office to 2nd office - IPSec goes UP

Initiate traffic from 2nd office to 1st office - no reaction.

But even when IPSec is UP, I see some Tx Bytes and 0 Rx Bytes on the 1st site and 0 Tx Bytes and some Rx Bytes.

All other IPSec VPNs are working fine. The problem is only with this one.

2 REPLIES
Cisco Employee

Hi,

It seems like the traffic from the 2nd office is not reaching the 1st site and thus does not bring the VPN tunnel up. This is evident from the fact that you receive 0 bytes on the 1st site from the remote side.

Please make sure you have correct routing and nat-exempt on the 2nd office as the packets are reaching 2nd office but are not leaving for 1st office.

Use the packet tracer utility shown here http://goo.gl/VgkuKT to confirm whether the right nat-exempt is being used or not.

Hope this helps.
Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.
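
The symptom the reply above reasons from (traffic counted in one direction only) can be checked mechanically on both peers. This is an added example, not part of the original thread: it assumes the counters are read from `show crypto ipsec sa`, where the encaps/decaps packet counts play the role of the Tx/Rx figures, and the sample output, addresses and function names are constructed.

```python
import re

# Constructed sample in the layout of ASA "show crypto ipsec sa" output
# (documentation address ranges, made-up counters).
SITE1 = """\
      local ident (addr/mask/prot/port): (10.1.0.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.2.0.0/255.255.255.0/0/0)
      current_peer: 198.51.100.2
      #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""
SITE2 = """\
      local ident (addr/mask/prot/port): (10.2.0.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.1.0.0/255.255.255.0/0/0)
      current_peer: 203.0.113.1
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 120, #pkts decrypt: 120, #pkts verify: 120
"""

def sa_counters(text):
    """Return one dict per SA: peer, encaps (sent), decaps (received)."""
    sas = []
    # Each SA section starts at its "local ident" line.
    for block in re.split(r"(?=^[ \t]*local ident)", text, flags=re.M):
        peer = re.search(r"current_peer:\s*(\S+)", block)
        enc = re.search(r"#pkts encaps:\s*(\d+)", block)
        dec = re.search(r"#pkts decaps:\s*(\d+)", block)
        if peer and enc and dec:
            sas.append({"peer": peer.group(1).rstrip(","),
                        "encaps": int(enc.group(1)),
                        "decaps": int(dec.group(1))})
    return sas

def diagnose(sa):
    """Classify one SA from the point of view of the device it was read on."""
    if sa["encaps"] and not sa["decaps"]:
        return "one-way: sending only; peer is not encrypting return traffic"
    if sa["decaps"] and not sa["encaps"]:
        return "one-way: receiving only; check local routing and nat-exempt"
    if not sa["encaps"] and not sa["decaps"]:
        return "idle: no traffic matched this SA"
    return "ok: traffic in both directions"

if __name__ == "__main__":
    for name, output in (("site1", SITE1), ("site2", SITE2)):
        for sa in sa_counters(output):
            print(name, sa["peer"], diagnose(sa))
```
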

New Member

Hi Dinesh,

At first I thought about a problem with NAT. But packet-tracer shows me that all is working fine. After double-checking the configuration, I tried to find a solution in the knowledge base. It's a firmware 8.2(1) bug. Workaround - reboot the device or update the firmware.

Regards, Taras
