09-11-2014 09:38 AM - edited 02-21-2020 07:49 PM
We have IPSec configured between two ASA firewalls.
Situation:
Initiate traffic from 1st office to 2nd office - IPSec goes UP
Initiate traffic from 2nd office to 1st office - no reaction.
But even though IPSec is UP, I see some Tx Bytes and 0 Rx Bytes on the 1st site and 0 Tx Bytes and some Rx Bytes.
All other IPSec VPNs are working fine. The problem is only with this one.
09-12-2014 04:06 PM
Hi,
It seems like the traffic from the 2nd office is not reaching the 1st site and thus does not bring the VPN tunnel up. This is evident from the fact that you receive 0 bytes on the 1st site from the remote side.
Please make sure you have correct routing and nat-exempt on the 2nd office as the packets are reaching 2nd office but are not leaving for 1st office.
Use the packet tracer utility shown here http://goo.gl/VgkuKT to confirm whether the right nat-exempt is being used.
Hope this helps.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
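The counter reasoning in the reply above (non-zero sent, zero received on one end) can be checked per tunnel from the ASA's SA counters. The following is an added example, not part of the original thread: it assumes text in the style of `show crypto ipsec sa` output, uses a constructed sample with documentation addresses, and its function names are hypothetical.

```python
import re

# Constructed sample in the style of ASA "show crypto ipsec sa" output
# (documentation addresses, invented counters; not taken from the thread).
SAMPLE = """\
Crypto map tag: outside_map, seq num: 10, local addr: 198.51.100.1
  remote ident (addr/mask/prot/port): (10.2.0.0/255.255.255.0/0/0)
  current_peer: 203.0.113.2
  #pkts encaps: 42, #pkts encrypt: 42, #pkts digest: 42
  #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
Crypto map tag: outside_map, seq num: 20, local addr: 198.51.100.1
  remote ident (addr/mask/prot/port): (10.3.0.0/255.255.255.0/0/0)
  current_peer: 203.0.113.3
  #pkts encaps: 17, #pkts encrypt: 17, #pkts digest: 17
  #pkts decaps: 15, #pkts decrypt: 15, #pkts verify: 15
"""

FIELDS = {
    "remote": re.compile(r"remote ident .*?: \(([\d.]+/[\d.]+)/"),
    "peer": re.compile(r"current_peer: ([\d.]+)"),
    "encaps": re.compile(r"#pkts encaps: (\d+)"),
    "decaps": re.compile(r"#pkts decaps: (\d+)"),
}

def parse_sas(text):
    """Return one dict per SA block with peer, remote subnet and packet counters."""
    sas = []
    # Assumption: each SA block starts at a "Crypto map tag:" line.
    for block in re.split(r"(?m)^\s*Crypto map tag:", text)[1:]:
        sa = {}
        for name, rx in FIELDS.items():
            m = rx.search(block)
            sa[name] = m.group(1) if m else None
        sa["encaps"], sa["decaps"] = int(sa["encaps"] or 0), int(sa["decaps"] or 0)
        sas.append(sa)
    return sas

def classify(sa):
    """Map counter asymmetry to the side whose routing / nat-exempt to check first."""
    if sa["encaps"] and not sa["decaps"]:
        return "one-way: peer is not encrypting, check routing/nat-exempt on the remote ASA"
    if sa["decaps"] and not sa["encaps"]:
        return "one-way: local ASA is not encrypting, check local routing/nat-exempt"
    return "two-way" if sa["encaps"] else "idle"

def report(text):
    """(peer, remote subnet, verdict) for every SA found in the output."""
    return [(sa["peer"], sa["remote"], classify(sa)) for sa in parse_sas(text)]
```

Calling `report(SAMPLE)` flags the first tunnel as one-way and the second as two-way; a one-way verdict only says where to look first, not what the root cause is.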
09-13-2014 02:24 PM
Hi Dinesh,
At first I thought it was a problem with NAT, but packet-tracer shows me that all is working fine. After double-checking the configuration I tried to find a solution in the knowledge base. It's a firmware 8.2(1) bug. Workaround - reboot the device or update the firmware.
Regards, Taras