Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
384
Views
0
Helpful
1
Replies

Why can only 1 side of the VPN tunnel initiate the traffic?

ajwhite0
Level 1
Level 1

‎09-28-2021 05:34 AM

Hello,

 

We have a VPN from the UK to Holland, we manage the UK side on a Cisco router, I don't know what they use in Holland.

 

Phase 1 and 2 work, but we can only initiate from the UK side.  So we had a report from a Dutch user who couldn't access a server in the UK and he was right as he couldn't ping it.  I got his IP and went onto the server and pinged back to him and the tunnel SA came up and I could eventually ping him and everything works.  Then after some time it goes down again I guess due to inactivity.

 

Now I have continuous pings running to their subnets to keep things up.

 

What should I check and get Holland to check?

 

Thanks

Labels:
0 Helpful
1 Reply 1

MHM Cisco World
VIP
VIP

‎09-28-2021 08:03 AM

Dynamic IPSec config without any Peer Set, the peer with this config can only accept IPSec traffic not initiate traffic.

0 Helpful
Customers Also Viewed These Support Documents