Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
973
Views
0
Helpful
1
Replies

VPN-tunnel working only one way

cisco
Level 1
Level 1

‎11-01-2009 12:46 PM - edited ‎03-11-2019 09:35 AM

I have a strange problem when setting up an ipsec-tunnel between my ASA 5520 and a remote peer. The tunnel comes up fine and when I am initiating traffic from my side everything is working fine, I can log into SAP and worh in the system. But if I try to initiate traffic from the remote site, i.e. send a print from the remote system to a printer on my local site that does not work. The tunnel is already up and running, but it seem the the remote peer try to start a new tunnel. I really need help on this, the included attachment shows some of the debug-output from my ASA when the remote system initiate some traffic.

Aften a while the ASA logs something like "All SA are unacceptable"

I have been running the same config against the same peer for years without problems, but I cannot get it to work on the ASA.

I think that the fact that the tunnel comes up and that I can reach the remote system shows the transform-sets, PFS-values and other paramteres are correct?

Any tips?

Labels:
0 Helpful
1 Reply 1

hdashnau
Cisco Employee
Cisco Employee

‎11-01-2009 03:36 PM

Double check the crypto map match address statements (crypto ACLS). Make sure that there are no overlaps with other peers crypto acls, that youre not landing on the dynamic map entry in one direction, and also make sure for your peer that on both sides of the tunnel they have the exact same crypto acl mirrored (pay special attention to the subnet masks that you have defined as well)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card