03-09-2021 08:36 AM
Hi Team,
Just a random question I was discussing with my colleagues.
Peer A is able to establish a VPN tunnel with Peer B; however, when Peer B is initiating a tunnel towards Peer B it is unsuccessful.
Connectivity is Fine, both ends are configured with Static IP.
Can someone tell me what could be the possibilities for this?
Thank you in Advance!
Geetansh Bhardwaj
03-09-2021 08:48 AM
Peer A is able to establish a VPN tunnel with Peer B however when Peer B is initiating a tunnel towards Peer A it is unsuccessful. - this could be configured as Peer A is the initiator.
what is the device here?
03-09-2021 09:07 AM
It could be a PFS issue. If the initiator does not have PFS enabled or a smaller DH group then the connection will fail. If the initiator has a group configured but the responder does not or the responder has a smaller DH group configured then the PFS group of the initiator is used and the VPN established.
Or, as already mentioned, one peer could be configured to "answer-only", so it will therefore never initiate the establishment of the VPN.
03-09-2021 11:53 PM
Thank you for the response @Rob Ingram & @balaji.bandi.
One possibility I came to know of is if Peer A is connected to a firewall, that is, the inside interface of the firewall is connected to Peer A. The tunnel from Peer A to Peer B would be allowed, as the traffic is going from inside towards outside and the firewall security level will allow it, but when initiating the traffic from Peer B to Peer A we have a firewall which we are hitting on the outside interface, so by default it will block the flow and we need to open an ACL to allow it.
Thank you for the help!
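As an added illustration of the ACL the post above describes (not configuration from the thread itself), the following assumes the firewall in front of Peer A is a Cisco ASA, that Peer A's VPN address 203.0.113.10 is routed through the firewall without NAT, and that Peer B's public address is 198.51.100.20; the addresses are placeholders from the documentation ranges and the object/ACL names are invented:

```cisco
! Added example, not from the thread. Cisco ASA syntax assumed.
! Placeholder addresses: Peer A = 203.0.113.10, Peer B = 198.51.100.20.
object network PEER_A
 host 203.0.113.10
object network PEER_B
 host 198.51.100.20
!
! Permit the three flows an IPsec peer needs to initiate inbound:
!   IKE (UDP/500), NAT-T (UDP/4500) and ESP (IP protocol 50).
access-list OUTSIDE_IN extended permit udp object PEER_B object PEER_A eq isakmp
access-list OUTSIDE_IN extended permit udp object PEER_B object PEER_A eq 4500
access-list OUTSIDE_IN extended permit esp object PEER_B object PEER_A
!
! Apply inbound on the outside interface; outbound (inside-to-outside)
! traffic is already permitted by the security-level default.
access-group OUTSIDE_IN in interface outside
```

After applying it, `show access-list OUTSIDE_IN` shows hit counts on each line while Peer B retries, and `packet-tracer input outside udp 198.51.100.20 500 203.0.113.10 500` confirms the firewall's verdict for the IKE flow without waiting for the peer. If the firewall does NAT Peer A's address, the ESP line is not sufficient on its own: ESP carries no ports and does not survive NAT, so the peers must negotiate NAT-T (UDP/4500) and a static NAT for Peer A is also required.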
03-10-2021 01:42 AM
Possibilities are many, but this requires a confirmed part of troubleshooting: what is agreed between the peers, what is allowed, and what is accepted or denied. (Need to post debug logs and configuration.)
That is the reason to always use a VPN form for both parties on what is agreed to be achieved, and a flow Visio diagram every time a VPN is built, so that there is knowledge transfer and a living document for Operations to run smoothly.
That is the reason in most cases we advise documenting correctly, and also documenting the changes made, since when an issue is reported it is easy to understand what the setup is and what was agreed, so you know the conditions and how to troubleshoot easily.