Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
671
Views
0
Helpful
1
Replies

site to site VPN only initial by one side ping

Go to solution
alan-wong
Level 1
Level 1

‎08-18-2013 09:08 AM

I am using asa5505(8.2) SiteA iskamp site to site VPN to SiteB asa5515x(8.6) ikev1. The tunnel will up and running only if initial ping from SiteA

I don't know why tunnel cannot up and running if I try to initial ping from siteB. Is there any setup I miss that I can make both site initial ping to bring up tunnel?

Both site A 5505 and B 5515x are using static IP for peer.

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎08-18-2013 11:29 PM

There are a couple of parameters in the IPSec-config that can cause this behaviour if they don't match on both sides. Start with checking that the entries in your Crypto-ACL are really mirrored. That's what I have seen most often with this problem. Check also if you have configured "initiate-only" or "respond-only" on your ASAs which could also cause this problem.


Sent from Cisco Technical Support iPad App

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Karsten Iwen
VIP
VIP

‎08-18-2013 11:29 PM

There are a couple of parameters in the IPSec-config that can cause this behaviour if they don't match on both sides. Start with checking that the entries in your Crypto-ACL are really mirrored. That's what I have seen most often with this problem. Check also if you have configured "initiate-only" or "respond-only" on your ASAs which could also cause this problem.


Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents