Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
446
Views
0
Helpful
2
Replies

IPSec between two ASAs initiated from one side only

tkupybida
Level 1
Level 1

‎09-11-2014 09:38 AM - edited ‎02-21-2020 07:49 PM

We have a configured IPSec between two ASA firewalls.

Situation:

Initiate traffic from 1st office to 2nd office - IPSec goes UP

Initiate traffic from 2nd office to 1st office - no reaction.

But even IPSec is UP I see some Tx Bytes and 0 Rx Bytes on 1st site and 0 Tx Bytes and some Rx Bytes.

All others IPSec VPNs are working fine. Problem only with this one.

Labels:
0 Helpful
2 Replies 2

Dinesh Moudgil
Cisco Employee
Cisco Employee

‎09-12-2014 04:06 PM

Hi ,

 

It seems like the traffic from 2nd office is not reaching the 1st site and thus does not bring the VPN tunnel up . This is evident from the fact that you receive 0 bytes on the 1st site from remote side.

Please make sure you have correct routing and nat-exempt on the 2nd office as the packets are reaching 2nd office but are not leaving for 1st office.

Use packet tracer utility shown here http://goo.gl/VgkuKT to confirm the right nat-exempt is being used or not.

Hope this helps.
Regards,
Dinesh Moudgil

 

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
0 Helpful

tkupybida
Level 1
Level 1
In response to Dinesh Moudgil

‎09-13-2014 02:24 PM

Hi Dinesh,

First time I thought about problem with NAT. But packet-tracer shows me that all is working fine. After doublecheck the configuration I tried to find some solution in knowledgebase. It's a firmware 8.2(1) bug. Workaround - reboot device or update firmware.

Regards, Taras

0 Helpful
Customers Also Viewed These Support Documents