08-22-2022 05:10 AM
Hi all, I’m hoping someone can point me in the right direction
I have site to site vpn from the US to the UK, but the connection will only become active when it’s pinged from the US side
any ideas
greatly received
08-22-2022 05:13 AM - edited 08-22-2022 05:14 AM
@billybong It sounds like you have a policy based VPN (crypto map), so there could be several reasons. If it is a dynamic crypto map, then only one side can initiate the connection. Or if a static crypto map and one side is set to answer/respond only, then that peer will not attempt to establish a connection.
If you were using VTI then the tunnel would can always be established without having to generate interesting traffic.
Provide more information on your design.
08-22-2022 05:26 AM
thanks for the quick reply
it’s a static map, how do i check if one side set incorrectly
08-22-2022 05:31 AM
static IPSec then check if one side is responder only.
responder only meaning it not start IPsec until other end start IPsec tunnel establish.
08-22-2022 05:31 AM
@billybong what device are you using?
On the ASA - crypto map map-name seq-num set connection-type ( answer-only | originate-only | bidirectional )
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide