03-11-2022 04:31 AM - edited 03-11-2022 05:39 AM
Hello,
I have a really strange problem with an S2S tunnel configuration between an ASA and an FTD (managed remotely by FMC).
Most networks behind the ASA (site1) can't communicate with the FTD (site2) until the FTD starts the connection from its side. Only one can communicate bidirectionally (in the same tunnel).
Tunnel: IKEv2, IPsec.
I have network like:
A) S1: 10.1.2.0 <-> S2: 10.2.2.0 - when S1 tries to talk (ICMP or HTTP/S) to S2 there is no traffic. When S2 does the same to S1 it works, and after that S1 can also talk to S2. After a few hours the connection is dropped and I must ping from S2 -> S1 to re-establish the connection between those networks.
B) S1: 10.1.3.0 <-> S2: 10.2.3.0 - the same as above
But there is also an ACL and NAT that allow:
C) S1: 10.1.5.0 <-> S2: 10.2.2.0 and this connection works normally in both directions.
All ACLs and NATs are the same (of course they have different objects and networks, but the logical configuration is the same).
Why does only one pair of connected networks work while the others must wait for traffic from S2?
03-11-2022 04:35 AM
@DamianKolodziej03650 a couple of things to check.
Is S1 configured to answer only? Meaning it can only be the responder and cannot initiate the tunnel.
Is PFS configured on both sides?
03-11-2022 04:47 AM
@Rob Ingram wrote: @DamianKolodziej03650 a couple of things to check.
Is S1 configured to answer only? Meaning it can only be the responder and cannot initiate the tunnel. - I've never heard that this is possible, so "No". One network from S1 has a connection to S2 all the time and it's not dropped after a few hours.
Is PFS configured on both sides? - YES
03-11-2022 05:48 AM
Can I see all the NAT config on the ASA?
Note: hide the public IP.
03-15-2022 06:18 AM
Did you solve the issue?
I think the issue is the arrangement of NAT, where the NAT exemption is pushed below the dynamic NAT of the outside interface.
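The NAT-ordering hypothesis in the post above, as an added illustration that is not from the thread or from Cisco: ASA manual (twice) NAT rules in Section 1 are evaluated top-down, first match wins, so a dynamic PAT rule that sits above the VPN identity NAT (the "NAT exemption") shadows it, and site1-originated packets for 10.2.2.0/24 get PATed to the outside interface address instead of being sent into the tunnel. The object names (S1-LAN-A, S2-LAN-A) and host addresses used with packet-tracer are assumptions for the example; the networks are the ones the original poster listed. Whether this is the actual cause of the poster's problem is not confirmed in the thread.

```cisco
! --- Illustrative ASA config, not the poster's real config ---
object network S1-LAN-A
 subnet 10.1.2.0 255.255.255.0
object network S2-LAN-A
 subnet 10.2.2.0 255.255.255.0

! BROKEN ORDER: the dynamic PAT rule is first in Section 1, so it
! matches 10.1.2.0/24 -> 10.2.2.0/24 before the identity rule is reached.
nat (inside,outside) source dynamic any interface
nat (inside,outside) source static S1-LAN-A S1-LAN-A destination static S2-LAN-A S2-LAN-A no-proxy-arp route-lookup

! FIX: move the identity (exemption) rule above the dynamic PAT.
! The optional line number inserts the rule at that position in Section 1.
no nat (inside,outside) source static S1-LAN-A S1-LAN-A destination static S2-LAN-A S2-LAN-A no-proxy-arp route-lookup
nat (inside,outside) 1 source static S1-LAN-A S1-LAN-A destination static S2-LAN-A S2-LAN-A no-proxy-arp route-lookup

! CHECKS (run from the ASA CLI):
! show nat            -> confirm the static identity rule is listed before
!                        the dynamic rule and its translate_hits increase
!                        when site1 initiates traffic
! packet-tracer input inside icmp 10.1.2.10 8 0 10.2.2.10 detailed
!                     -> the NAT phase should show the identity rule and the
!                        VPN phase should show the packet being encrypted;
!                        if the NAT phase shows the "dynamic any interface"
!                        rule instead, the ordering is still wrong
```

The same check explains the asymmetry in the original post: traffic initiated from site2 arrives decrypted on the outside interface and the ASA, when it has an existing connection entry, replies through the tunnel, so the pair looks fine until that connection times out and site1 has to initiate again. packet-tracer with a site1 source address is the quickest way to see which NAT rule a freshly initiated packet actually hits.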