
Cisco ASA 5512-X S2S VPN works only in one direction

DivZ
Level 1

Hi,

 

I have a site-to-site VPN configured from a Cisco ASA 5512-X to a Cisco ASR router. The ASA inside network is 10.10.1.1/24 and the other end has 10.10.20.0/24. The VPN tunnel is established and traffic flows from the ASR to the Cisco ASA, but the reverse is not working. I have attached the config; can you guys help me understand what it is I am missing?

 

I get an error deny udp src SRVR_VLAN:10.10.1.5 dest:WAN_ISP:10.10.20.10 by access-group "SRVR_VLAN_acces_in"

2 Replies

nat (SRVR_VLAN,WAN-ISP) source static DM_INLINE_NETWORK_8 DM_INLINE_NETWORK_8 destination static DM_INLINE_NETWORK_3 DM_INLINE_NETWORK_3 no-proxy-arp route-lookup -----includes my inside network, outside network
nat (SRVR_VLAN,WAN-ISP) source static DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_9 destination static DM_INLINE_NETWORK_10 DM_INLINE_NETWORK_10 no-proxy-arp route-lookup

Is either of the NAT statements above the Twice NAT / NAT exempt statement for the VPN traffic? If not, then you need to add a twice NAT statement for your VPN traffic.

--

Please remember to select a correct answer and rate helpful posts


Hi,

 

Thanks for your reply. Looks like I have missed the inside interface ACL. After creating the ACL, it works fine.
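
The fix described above, sketched as ASA CLI. This is an added example, not part of the original thread or the poster's attached config. It assumes the ACL named in the deny message is applied inbound on SRVR_VLAN and that the remote subnet is 10.10.20.0/24 as stated in the question; the UDP ports in the packet-tracer line are constructed.

```text
! Run from global configuration mode (configure terminal).
! Lines beginning with "!" are comments and are ignored by the ASA.

! 1. Confirm which ACL is bound to the inside interface and in which
!    direction. The deny in the post names "SRVR_VLAN_acces_in".
show running-config access-group

! 2. Permit the protected local subnet to reach the remote VPN subnet.
!    "permit ip" mirrors the whole crypto selector; narrow it to the
!    protocols and ports actually required if least privilege matters.
access-list SRVR_VLAN_acces_in extended permit ip 10.10.1.0 255.255.255.0 10.10.20.0 255.255.255.0

!    A new ACE is appended to the end of the list. If an earlier deny
!    already matches this traffic, insert the permit above it instead:
! access-list SRVR_VLAN_acces_in line 1 extended permit ip 10.10.1.0 255.255.255.0 10.10.20.0 255.255.255.0

! 3. Simulate the flow that was being dropped (ports are constructed).
!    In the output, the ACCESS-LIST phase should now show ALLOW, the NAT
!    phase should hit the identity (twice NAT) rule, and a VPN encrypt
!    phase should appear before the final "Action: allow".
packet-tracer input SRVR_VLAN udp 10.10.1.5 12345 10.10.20.10 53 detailed

! 4. After sending real traffic, confirm the new ACE is the one matching.
show access-list SRVR_VLAN_acces_in
```

If packet-tracer passes the ACCESS-LIST phase but drops at NAT or never reaches a VPN phase, the problem has moved to the NAT exemption raised in the first reply rather than the interface ACL.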
