Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
114
Views
0
Helpful
0
Comments

L2L Site VPN - ACL stopping traffic in one direction

ikoritana_sbet
Level 1
Level 1

on ‎04-15-2013 02:47 AM

Hi,

We have a standard L2L VPN setup. We had an issue with IP traffic only passing in 1 direction.  The Crypto map ACL's were setup as below

SITE A

access-list XXX-L2L-CRYPTOMAP extended permit ip 192.168.118.0 255.255.255.0 172.16.246.0 255.255.255.0

SITE B

access-list xxx-L2L-VPN-CRYPTOMAP extended permit ip 172.16.246.0 255.255.255.0 192.168.118.0 255.255.255.0

access-list xxx-L2L-VPN-CRYPTOMAP extended permit icmp 172.16.246.0 255.255.255.0 192.168.118.0 255.255.255.0

The issue we had was that Site A could ping Site B and vice versa. Site A could Communicate on IP with Site B.

BUT Site B COULD NOT communicate with Site A on IP.

We removed the ICMP ACL on Site B and IP communication was ok bidirectionally.

Has anyone seen this issue or exaplin what may be wrong.


Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents