Site to Site VPN

Noside
Level 1

We have an issue with a new VPN tunnel for one of our clients on the new rack firewall.

Peer IP : 113.x.x.171

Local IP : 76.x.x.24 and Remote 113.x.x.150

The tunnel is up and traffic is going from our Server (76.x.x.24/172.16.x.68) to 113.x.x.150.

However, for the reverse traffic, i.e. when they try to connect to our IP 76.x.x.24 on port 443 from 113.x.x.150, I am able to see the packets in our firewall but we are not returning the response.

Current Setup:

Crypto map configuration:
source is 76.x.x.24
destination is 113.x.x.150
peer is 113.x.x.171

The local IP of the server is 172.16.x.68, but it is already NATed to 76.x.x.24.

Question:
For incoming VPN traffic, I can see the incoming packets but we are not responding back. I think it can be a NATing issue,
a reverse routing issue, or an access list issue too. Kindly give me the possibilities for this issue. Thanks

1 Reply

Hi,

What is the configuration of the ACL applied to the crypto map? Does it contain the private IP address or the public IP address?


Are they connecting to the server on its public/NAT address? Or via the real/private IP address with NAT configured?


Why not just keep it simple and route, and get them to connect to the real/private IP address?... therefore no NAT is required.
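The reply's two questions (does the crypto ACL name the private or the public address, and is the return traffic translated before it reaches the crypto map?) come down to an order-of-operations check. The following is an added example, not configuration or code from the original thread or from Cisco: it is a small Python model that assumes the firewall translates the source of an inside-to-outside packet *before* evaluating the crypto ACL (the behaviour of Cisco ASA and IOS for outbound traffic, an assumption since the post does not name the platform). The masked octets in the post are replaced with constructed values (x -> 0), and the `static_nat`, `nat_exempt` and `crypto_acl` structures are simplified stand-ins for the real configuration objects. The three scenarios show why the inbound packets can arrive while the reply never enters the tunnel, and how matching the ACL to the post-NAT address (or removing NAT and routing the private IP, as the reply suggests) fixes it.

```python
from typing import Dict, Set, Tuple

# Constructed stand-ins for the masked addresses in the post (x replaced by 0).
SERVER_PRIVATE = "172.16.0.68"   # real server address behind the firewall
SERVER_PUBLIC = "76.0.0.24"      # static NAT address the crypto map currently names
REMOTE_HOST = "113.0.0.150"      # client host on the far side of the tunnel

Packet = Tuple[str, str]         # (source, destination)


def apply_outbound_nat(pkt: Packet, static_nat: Dict[str, str],
                       nat_exempt: Set[Packet]) -> Packet:
    """Translate the source of an inside-to-outside packet.

    static_nat maps private -> public; nat_exempt lists (private_src, dst) pairs
    that bypass translation (an identity/no-NAT rule for VPN traffic).
    """
    src, dst = pkt
    if (src, dst) in nat_exempt:
        return pkt                       # exempt: leaves with its private source
    return (static_nat.get(src, src), dst)


def matches_crypto_acl(pkt: Packet, crypto_acl: Set[Packet]) -> bool:
    """Crypto ACL entries are (local, remote) host pairs that select traffic for encryption."""
    return pkt in crypto_acl


def reply_disposition(static_nat: Dict[str, str], nat_exempt: Set[Packet],
                      crypto_acl: Set[Packet]) -> Tuple[str, Packet]:
    """Model the server's reply (private src -> remote host) leaving the firewall.

    Returns ("encrypted", post_nat_packet) if the post-NAT packet is selected by the
    crypto ACL, otherwise ("cleartext", post_nat_packet): the reply is routed without
    the tunnel, which is what the poster sees as 'not responding'.
    """
    reply = (SERVER_PRIVATE, REMOTE_HOST)
    post_nat = apply_outbound_nat(reply, static_nat, nat_exempt)
    if matches_crypto_acl(post_nat, crypto_acl):
        return "encrypted", post_nat
    return "cleartext", post_nat


def scenario_static_nat_public_acl() -> Tuple[str, Packet]:
    """Static NAT applies to the reply and the crypto ACL names the public address: works."""
    return reply_disposition(
        static_nat={SERVER_PRIVATE: SERVER_PUBLIC},
        nat_exempt=set(),
        crypto_acl={(SERVER_PUBLIC, REMOTE_HOST)},
    )


def scenario_exempt_but_public_acl() -> Tuple[str, Packet]:
    """A no-NAT rule for the VPN peer keeps the private source, but the crypto ACL
    still names the public address: the reply misses the ACL and leaves in cleartext."""
    return reply_disposition(
        static_nat={SERVER_PRIVATE: SERVER_PUBLIC},
        nat_exempt={(SERVER_PRIVATE, REMOTE_HOST)},
        crypto_acl={(SERVER_PUBLIC, REMOTE_HOST)},
    )


def scenario_exempt_private_acl() -> Tuple[str, Packet]:
    """The reply's suggestion: no NAT for the tunnel, crypto ACL names the private
    address, and the remote side connects to the private IP: works."""
    return reply_disposition(
        static_nat={SERVER_PRIVATE: SERVER_PUBLIC},
        nat_exempt={(SERVER_PRIVATE, REMOTE_HOST)},
        crypto_acl={(SERVER_PRIVATE, REMOTE_HOST)},
    )


if __name__ == "__main__":
    for name, fn in [("static NAT + public ACL", scenario_static_nat_public_acl),
                     ("NAT exempt + public ACL", scenario_exempt_but_public_acl),
                     ("NAT exempt + private ACL", scenario_exempt_private_acl)]:
        print(f"{name:26s} -> {fn()}")
```

The middle scenario is the one to look for on the firewall: the inbound packet from 113.x.x.150 to the public address is decrypted and untranslated to the server, but if an identity/no-NAT rule matches the reply, its source stays private and a crypto ACL written for the public address never selects it. Whichever address the crypto ACL names, the reply must carry that same address after NAT processing.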