08-24-2010 09:52 AM
Hi,
I have a site-to-site VPN between an ASA and a PIX. The configuration is perfectly alright. But the problem is that only when I initiate traffic from the PIX side do the ASA side hosts respond. It is like it responds 1 to 1, i.e. if PIX side host A initiates traffic to ASA side host A, it will only respond to PIX side host A and not to all other hosts. If other hosts have to respond from the ASA side, all other hosts on the PIX side should initiate. Not sure what could be the problem here. Any ideas?
08-24-2010 10:31 AM
I recommend you double check your crypto ACLs one more time and ensure your subnet masks are matching correctly. It sounds to me that once the IPSec SA is up, traffic flows correctly. Also ensure that you don't have an interface ACL applied somewhere, because the ASA is stateful and therefore traffic could initiate a connection from one direction but it could fail in the other, perhaps.
Let us know if you make progress.
Regards,
Uwe
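An added example, not part of the original thread: one way to carry out the crypto ACL check suggested in the reply above is to parse the `permit ip` entries from both peers and confirm that each entry has an exact mirror (source and destination swapped, same masks) on the other side. The ACL names and networks below are constructed sample data, and the helper names are hypothetical.

```python
import ipaddress
import re

# Constructed sample crypto ACLs (not from the thread); names and networks are assumptions.
ASA_ACL = """\
access-list VPN-TO-PIX extended permit ip 10.1.0.0 255.255.0.0 192.168.10.0 255.255.255.0
access-list VPN-TO-PIX extended permit ip host 10.2.0.5 192.168.20.0 255.255.255.0
"""
PIX_ACL = """\
access-list VPN-TO-ASA permit ip 192.168.10.0 255.255.255.128 10.1.0.0 255.255.0.0
access-list VPN-TO-ASA permit ip 192.168.20.0 255.255.255.0 host 10.2.0.5
"""

def _take_network(tokens):
    """Consume one address spec ('host A', 'any', or 'A MASK') from the token list."""
    first = tokens.pop(0)
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def parse_crypto_acl(text):
    """Return the set of (source, destination) networks from 'permit ip' ACL lines."""
    pairs = set()
    for line in text.splitlines():
        m = re.match(r"access-list\s+\S+\s+(?:extended\s+)?permit\s+ip\s+(.+)", line.strip())
        if not m:
            continue
        tokens = m.group(1).split()
        src = _take_network(tokens)
        dst = _take_network(tokens)
        pairs.add((src, dst))
    return pairs

def mirror_mismatches(local_text, remote_text):
    """Entries on one peer with no exact (destination, source) mirror on the other."""
    local = parse_crypto_acl(local_text)
    remote_mirrored = {(dst, src) for src, dst in parse_crypto_acl(remote_text)}
    return {
        "local_only": sorted(local - remote_mirrored, key=str),
        "remote_only": sorted(remote_mirrored - local, key=str),
    }

if __name__ == "__main__":
    for side, entries in mirror_mismatches(ASA_ACL, PIX_ACL).items():
        for src, dst in entries:
            print(f"{side}: {src} -> {dst} has no exact mirror")
```

In the sample data the PIX entry uses a /25 mask where the ASA uses /24, so that pair is reported on both sides, while the host-based pair mirrors cleanly and is not reported.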
08-24-2010 10:33 AM
Check out this link, which describes the connection-type command: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a87f7.shtml#backup