cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

VPN doesn't come up until remote end generates interesting traffic..

mloraditch
Rising star
Rising star

Two ASA 5512s. Site to Site IKEv1 Tunnel. I send traffic from one side, Phase 1 and Phase 2 complete, but the specific SAs for the subnet pair I am trying do NOT come up until I generate traffic from the far end. EX: I am pinging from 192.168.1.1 to 192.168.2.1. Tunnel comes up, but until i do the reverse and ping from 192.168.2.1 to 192.168.1.1 the ASA doesn't even show that specific subnet pair in the IPSEC SA list.. I've had this a few times recently and it's just very odd. I have over 100 Site to Site VPNs between my core ASA and remote clients and they work fine.

Any suggestions or ideas? I took over this remote ASA so it was not configured from scratch to my normal specs. I am wondering if some sort of setting I've not really dealt with could be messed up?

 

Thanks!

1 REPLY 1

Fabian Ortega
Beginner
Beginner

Hello mloraditch,

Can you please share with me the following information from the ASA you are trying to establish the tunnel from (Main side):

1. show ip.

2. show run management-access.

3. The interesting traffic ACL for this VPN tunnel.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: