
Cisco ASA 5512-X S2S VPN works only in one direction

DivZ
Level 1

Hi,

I have a site-to-site VPN configured from a Cisco ASA 5512-X to a Cisco ASR router. The ASA inside network is 10.10.1.1/24 and the other end has 10.10.20.0/24. The VPN tunnel is established and traffic flows from the ASR to the Cisco ASA, but the reverse is not working. I have attached the config; can you guys help me understand what it is I am missing?

I get an error: deny udp src SRVR_VLAN:10.10.1.5 dest:WAN_ISP:10.10.20.10 by access-group "SRVR_VLAN_acces_in"

2 Replies

nat (SRVR_VLAN,WAN-ISP) source static DM_INLINE_NETWORK_8 DM_INLINE_NETWORK_8 destination static DM_INLINE_NETWORK_3 DM_INLINE_NETWORK_3 no-proxy-arp route-lookup -----includes my inside network, outside network
nat (SRVR_VLAN,WAN-ISP) source static DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_9 destination static DM_INLINE_NETWORK_10 DM_INLINE_NETWORK_10 no-proxy-arp route-lookup

Is either of the NAT statements above the Twice NAT / NAT exempt statement for the VPN traffic? If not, then you need to add a twice NAT statement for your VPN traffic.

--

Please remember to select a correct answer and rate helpful posts


Hi,

Thanks for your reply. Looks like I had missed the inside interface ACL. After creating the ACL, it works fine.
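An added example, not taken from the poster's attached config: one way to write the inside-interface ACL entry the last reply refers to, scoped to the two VPN networks, and to confirm it with packet-tracer. The ACL name, interface name and host addresses come from the deny message in the first post; the /24 masks, the `line 1` placement and the UDP ports are assumptions.

```cisco
! Added example, not the poster's configuration.
! The deny in the first post was logged by access-group "SRVR_VLAN_acces_in",
! so the packet was dropped by the interface ACL before NAT exemption or the
! crypto map were evaluated. Decrypted traffic arriving from the tunnel
! bypasses interface ACLs by default (sysopt connection permit-vpn), which is
! consistent with only the ASA-initiated direction failing.

! 1. Confirm which ACL is bound inbound on the inside interface.
show running-config access-group

! 2. List the current entries and their hit counts to find the rule (or the
!    implicit deny at the end) that matches 10.10.1.5 -> 10.10.20.10.
show access-list SRVR_VLAN_acces_in

! 3. Permit only the local-to-remote VPN networks rather than "ip any any".
!    Assumption: both networks are /24 (10.10.1.0/24 and 10.10.20.0/24).
!    Assumption: "line 1" places the entry ahead of any earlier deny; choose
!    the line number that fits the existing rule order.
configure terminal
 access-list SRVR_VLAN_acces_in line 1 extended permit ip 10.10.1.0 255.255.255.0 10.10.20.0 255.255.255.0
end

! 4. Simulate the flow that was denied. The ports are constructed values
!    (the syslog line in the post does not show them). In the output, check
!    that the ACCESS-LIST phase reports ALLOW, that the NAT phase matches the
!    identity (twice NAT) rule for the VPN networks, and that a VPN encrypt
!    phase appears before the final result.
packet-tracer input SRVR_VLAN udp 10.10.1.5 12345 10.10.20.10 53 detailed

! 5. Generate real traffic from 10.10.1.5, then confirm the new entry's hit
!    count increases and the tunnel's encaps counter rises.
show access-list SRVR_VLAN_acces_in
show crypto ipsec sa peer <ASR-peer-address>
```

`<ASR-peer-address>` is a placeholder; the peer address is not given in the thread.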