
Bidirectional Site to Site VPN configuration

sw26
Level 1

Hello All,

I got into a situation where I need to configure a bidirectional Site to Site VPN tunnel. I have configured some S2S tunnels before as well, but the initiator of traffic was always from the other side.

Now the situation is different: the other end is the application server and they want bidirectional traffic flow.

Now I don't understand how to configure this. Can anyone suggest how I should do NATing and ACL here?
Local network ::  10.10.46.2 
Remote network :: 100.238.76.50 - 100.238.76.53
Peer IP :: 100.238.124.53

Note :: the IP addresses are dummy ones


7 Replies

@sw26 on what hardware, ASA, FTD or IOS router?

By default, setting up a new VPN will always be bidirectional (either side can bring up the tunnel). You have to explicitly configure initiator or responder only, so you may not need to do anything specific there.

Assuming you are using a policy based VPN with a crypto map, then you will just need to generate interesting traffic in order to establish the tunnel.

This post provides an example to configure a policy based VPN between an ASA and an IOS router. Or if you are using an FTD, here is an example on how to configure a VPN on the FTD.
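
An ASA-side configuration for the policy-based, crypto-map VPN described in the reply above, using the dummy addresses from the question. It is an added example and was not posted by anyone in the thread. The interface names (`inside`, `outside`), the object, ACL, proposal and map names, IKEv2 with these parameters, and the pre-shared-key placeholder are assumptions, as is the remote side accepting 10.10.46.2 untranslated as the local selector.

```cisco
! Added example (ASA 9.x syntax). All names below are assumptions; addresses are the thread's dummies.
object network LOCAL-HOST
 host 10.10.46.2
object network REMOTE-SERVERS
 range 100.238.76.50 100.238.76.53
!
! Crypto ACL: defines the interesting traffic. Written local -> remote only;
! the peer configures the mirror image (remote -> local).
access-list S2S-ACL extended permit ip object LOCAL-HOST object REMOTE-SERVERS
!
! NAT exemption (identity NAT) so tunnel traffic keeps its real addresses
! and matches the crypto ACL in both directions.
nat (inside,outside) source static LOCAL-HOST LOCAL-HOST destination static REMOTE-SERVERS REMOTE-SERVERS no-proxy-arp route-lookup
!
! IKEv2 policy: must match what the peer offers.
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable outside
!
crypto ipsec ikev2 ipsec-proposal S2S-PROP
 protocol esp encryption aes-256
 protocol esp integrity sha-256
!
crypto map OUTSIDE_MAP 10 match address S2S-ACL
crypto map OUTSIDE_MAP 10 set peer 100.238.124.53
crypto map OUTSIDE_MAP 10 set ikev2 ipsec-proposal S2S-PROP
! bidirectional is the default; shown only to contrast with
! answer-only / originate-only, which restrict who may bring the tunnel up.
crypto map OUTSIDE_MAP 10 set connection-type bidirectional
crypto map OUTSIDE_MAP interface outside
!
tunnel-group 100.238.124.53 type ipsec-l2l
tunnel-group 100.238.124.53 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PSK-PLACEHOLDER>
 ikev2 local-authentication pre-shared-key <PSK-PLACEHOLDER>
```

Once interesting traffic is sent from either side, `show crypto ikev2 sa` and `show crypto ipsec sa` show whether the tunnel came up and whether the encaps and decaps counters both increase.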

Hi Rob,

I am using an ASA firewall on my end, and the device on the other end is a Think Pad, which I just got to know now...
It's new for me... I have never seen a situation like this before... Also, they are using all public IP addresses for the interesting-traffic server and are not doing any NATing.

I am clueless now... how will the config be?

@sw26 a "think pad"? Are you sure? This is a computer, so you wouldn't establish a Site-to-Site VPN; you would use a Remote Access VPN using the AnyConnect VPN client.

Hi Rob,

Sorry, actually the user confirmed that yesterday by email. Now I have contacted their network team by phone and got to know that they have a VMware Edge device (where they will configure the Site to Site VPN).

Are you running a dynamic VPN?

If yes, then by default only the dynamic peer initiates the traffic.

Hi,

No, I am using a static VPN.

As you updated us, I think that VMware uses remote access (dynamic), not S2S.