Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Site-To-Site VPN: Can Only Ping In One Direction

Hello all,

I'm having some trouble getting a test site-to-site VPN up and running properly. I'm establishing a tunnel between two devices over a LAN, from an SRX100 with JunOS to an ASA 5520. I'm learning how to use both pieces of hardware for the first time, so it's a bit of a trial-by-fire. Any help is greatly appreciated.

The tunnel is up, stays up, and I can ping from the Juniper's trusted network to a computer on the Cisco's trusted network, in this case, from 10.1.80.5 to 192.168.0.21.

I cannot ping from 192.168.0.1 to 10.1.80.5, but I can ping that interface - 10.1.80.1.

I'm just about to set up packet-tracing to see what's happening, if I can figure it out.

Can anyone point me in the right direction?

Thanks in advance!

3 REPLIES
Cisco Employee

Re: Site-To-Site VPN: Can Only Ping In One Direction

Try resetting the VPN tunnels (clear crypto ipsec sa)

PK

Cisco Employee

Re: Site-To-Site VPN: Can Only Ping In One Direction

Make sure the 10.1.80.5 doesnt have a personal FW preventing incoming ping. Also check that the 10.1.80.5 host has a route back to the

192 network (route PRINT on the PC).

With the networking equipment, similarly check that there arent any FW rules (access-groups) that deny this traffic and for the tunnel -- make sure both crypto ACLs (or equivilant for the JunOS) permit the traffic.

If youre still not sure, setup the packet tracer, check the logs (log enable, logg buffered debug, show log) and setup packet captures (wireshark) on the PCs.

Hope this helps you resolve the problem

-heather

Please rate this post and mark it as resolved if this fixes the issue.

New Member

Re: Site-To-Site VPN: Can Only Ping In One Direction

Thanks for the responses!

It turns out that it's likely the Juniper dropping the pings.

I ran Wireshark, and can see the pings leaving the Cisco, but not returning.

I'll check it out, and if I'm still having problems, I'll see what happens.

Thanks again!

1364
Views
0
Helpful
3
Replies
CreatePlease to create content