03-07-2014 04:50 PM
I have a VPN tunnel between a Cisco ASA firewall and a Juniper firewall. Phase 1 and phase 2 are OK, and traffic going from the ASA to the Juniper is OK, but the other side, from the Juniper to the ASA, doesn't work.
Could you help me?
My local network is 10.0.0.0/8 and remote network is 10.162.8.0/21.
03-09-2014 08:00 PM
Most likely the remote site either does not route properly to the Juniper for destinations on your network or, if they do, they fail to exempt the traffic from NAT. Since your network addresses are a superset of theirs, it poses some additional considerations and potential problems.
You'd need to work with the Juniper firewall admin to look into those and other causes.
09-17-2014 01:03 PM
Thank you.
09-17-2014 10:33 PM
When you say that the traffic from the Juniper side is not working, is it a host behind the Juniper that tries to pass across the tunnel?
When the traffic is initiated from behind the Juniper, do you see the decrypt counts increasing on the ASA?
# show crypto ipsec sa peer <Juniper side's public IP>
Start traffic from the Juniper side and run the above command a couple of times to see if the encrypts and decrypts are increasing.
If the decrypts don't increase, it would mostly be an issue with the routing or encryption on the Juniper side.
As Marvin has pointed out, check if the source NAT off is present on the Juniper side if this is an SRX box.
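The counter check described in the reply above, worked as an added example that is not part of the original thread: two snapshots of the ASA's `show crypto ipsec sa peer` output are compared, and the direction whose packet counter stays flat tells you which side to investigate. The snapshots below are constructed in the ASA output format, the peer and local addresses are placeholders, and the proxy-identity check also flags the superset condition from the earlier reply (the local 10.0.0.0/8 contains the remote 10.162.8.0/21).

```python
import ipaddress
import re
from collections import defaultdict

# Constructed snapshots modelled on "show crypto ipsec sa peer <ip>" output.
# 203.0.113.10 (peer) and 198.51.100.1 (local) are placeholder addresses.
# Between the two snapshots the ASA encrypted 150 more packets but decrypted none,
# i.e. nothing from behind the Juniper is arriving through the tunnel.
SNAPSHOT_BEFORE = """\
peer address: 203.0.113.10
    Crypto map tag: outside_map, seq num: 10, local addr: 198.51.100.1

      local ident (addr/mask/prot/port): (10.0.0.0/255.0.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.162.8.0/255.255.248.0/0/0)
      current_peer: 203.0.113.10

      #pkts encaps: 1200, #pkts encrypt: 1200, #pkts digest: 1200
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

SNAPSHOT_AFTER = SNAPSHOT_BEFORE.replace("1200", "1350")

COUNTER_RE = re.compile(r"#pkts (encrypt|decrypt): (\d+)")
IDENT_RE = re.compile(
    r"(local|remote) ident \(addr/mask/prot/port\): \(([\d.]+)/([\d.]+)/"
)


def parse_sa(text):
    """Sum encrypt/decrypt packet counters over every SA in the output and
    collect the local/remote proxy identities as ip_network objects."""
    counters = defaultdict(int)
    for name, value in COUNTER_RE.findall(text):
        counters[name] += int(value)
    idents = {}
    for side, addr, mask in IDENT_RE.findall(text):
        idents[side] = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return {"counters": dict(counters), "idents": idents}


def diagnose(before, after):
    """Compare two snapshots taken while traffic is generated from the far side.
    Returns a short code naming the direction that is not moving."""
    b = parse_sa(before)["counters"]
    a = parse_sa(after)["counters"]
    d_enc = a.get("encrypt", 0) - b.get("encrypt", 0)
    d_dec = a.get("decrypt", 0) - b.get("decrypt", 0)
    if d_enc > 0 and d_dec > 0:
        return "ok"                 # both directions carry packets
    if d_enc > 0:
        return "no-decrypt"         # nothing arrives from the peer: peer routing / NAT exemption
    if d_dec > 0:
        return "no-encrypt"         # peer traffic arrives but replies are not sent back encrypted
    return "no-traffic"             # neither counter moved: the SA is idle or the wrong peer


def local_is_superset(text):
    """True when the local proxy identity fully contains the remote one,
    the overlap situation from the thread (10.0.0.0/8 vs 10.162.8.0/21)."""
    idents = parse_sa(text)["idents"]
    return idents["remote"].subnet_of(idents["local"])


if __name__ == "__main__":
    print("direction check:", diagnose(SNAPSHOT_BEFORE, SNAPSHOT_AFTER))
    print("local ident contains remote ident:", local_is_superset(SNAPSHOT_BEFORE))
```

In the constructed case the result is `no-decrypt`, which is the Juniper-to-ASA failure the original poster describes: the ASA is sending, but nothing from the peer is reaching it, so the next place to look is routing and NAT exemption on the Juniper side rather than the ASA's own configuration.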