
Site to Site Tunnel Forms but does not pass traffic both ways

timsnover
Level 1

I am setting up a VPN connection between a Cisco 819HW router and a Cisco ASA 5520 VPN device. The VPN tunnel will successfully form, but when I do "sh crypto session detail", I can see where outbound packets are being encrypted (enc'ed?), but inbound packets are not:

Interface: GigabitEthernet0
Uptime: 00:24:37
Session status: UP-ACTIVE
Peer: 198.101.7.85 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 198.101.7.85
Desc: (none)
Session ID: 0
IKEv1 SA: local 166.157.75.93/500 remote 198.101.7.85/500 Active
Capabilities:(none) connid:2004 lifetime:23:35:22
IPSEC FLOW: permit ip 172.16.47.0/255.255.255.0 0.0.0.0/0.0.0.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 4357138/7 hours, 35 mins
Outbound: #pkts enc'ed 280 drop 0 life (KB/Sec) 4357039/7 hours, 35 mins

If I look at the tunnel on the ASA (using ASDM) I can see where the Bytes Tx are going up, but the Bytes Rx remain at 0. We have 3 separate VPN ASAs, all 5520's, and sometimes moving the VPN connection from one ASA to another will cause the tunnel to form and work fine, sometimes even that does not work.

This Cisco 819HW router is being used in the back of an ambulance and is connected to a Sierra Wireless 4G device for its WAN connection. What seems to be happening is, the connection is up and running fine but then the 4G connection loses its signal or the device is turned off. Once it's turned back on or regains the signal, the tunnel re-forms but stops passing 2 way traffic.

I will be setting up, for now, 13 of these devices and need to know how to reliably have the tunnel come up and pass traffic both ways. Any assistance would be appreciated.

11 Replies

Philip D'Ath
VIP Alumni

We need to see the 819 configuration and the ASA 5520 configuration.