Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
624
Views
0
Helpful
2
Replies

Site to Site VPN th Zone Baes Firewall one way traffic

Hasrat Bhanot
Level 1
Level 1

‎08-25-2017 08:37 AM - edited ‎03-12-2019 04:30 AM

Hello,

I have re-configured 1921 router on a branch with zone based firewall, after this my site to site VPN tunnel is up but traffic is only one way, I can only access from branch office 192.168.73.0/24 to head office 192.168.70.0/24 but not from head office to branch office please see the config attached of the branch office 1921 router. Head office got ASA5510, before re-configuring of 1921 router site to site vpn was working fine. 

X.X.X.X is the public ip address of the Head office

Y.Y.Y.Y is the public IP address of the branch office

 

Thanks

Hasrat

Labels:
Preview file
6 KB
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎08-25-2017 09:55 AM

Hi Hasrat,

 

I think you'll need zone pairings from WAN to LAN in addtion to the zone pairings from LAN to WAN.

E.g - zone-pair security ZP-SFINVER-WAN-to-LAN source Z-SFINVER-WAN destination Z-SFINVER-LAN

You'll need to repeat this for the other zones Z-SFINVER-GUEST and Z-CR-LAN

HTH

0 Helpful

Hasrat Bhanot
Level 1
Level 1
In response to Rob Ingram

‎11-27-2017 04:36 AM

sorry for late reply, it worked, just need some Access list sorted

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents