Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
945
Views
4
Helpful
2
Replies

VPN master slave

ciscomichael1
Level 1
Level 1

‎09-30-2015 09:50 AM

I have a wierd situation. i have a site to site tunnel; site A and site B. site A does not ping site B but if i ping from site B, I will get a reply from A. Only then will site A start sending traffic. Is there such a thing like master and slave setup in VPN where one end has to be the initiator of traffic. how do i fix it so that both ends can ping each other

Labels:
0 Helpful
2 Replies 2

rvarelac
Level 7
Level 7

‎09-30-2015 09:50 PM

Hi Michael , 

 

This problem is seen if the ACL specified on the crypto map does not match exactly with the peer , make sure the interesting traffic is mirrored properly on both devices.  Other possibility is that a stateful firewall is on the middle of the connection and is blocking the traffic from A to  B , but allowing B to A traffic. 

 

Hope it helps

-Randy-

pjain2
Cisco Employee
Cisco Employee

‎09-30-2015 09:51 PM

1. are you initiating traffic from one of the host behind site A or from the ASA A itself?

2. when you initiate traffic first from Site A, do you see the traffic getting encrypted in the ipsec sa output?

2. do you see corresponding decaps on the Site B ASA?

0 Helpful
Customers Also Viewed These Support Documents