Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
820
Views
0
Helpful
2
Replies

One way traffic over IPSEC VPN

usucsupport
Level 1
Level 1

‎07-04-2017 02:03 AM - edited ‎02-21-2020 09:21 PM

I have ISR4331 at one end and three ASA at three different site which is connected via IPSEC VPN. I facing one way traffic at all the three sites. Let be define the topology as best as I can.

3750switch <--------> ISR4331 <-----> ISP cloud <----->ASA<------->3750switch

Thing is I can reach or ping to all the subnet at the ASA side but i could reach only upto the gateway(internal) on the ISR side. By the by the gateway is the IP address of the sub interface configured on the ISR.

I am not sure whether it is routing issue or IPSEC tunnel issue. Would like you have suggestions from Cisco. I have attached the running configuration of ISR, ASA and 3750switch at ISR side.

Labels:
Preview file
13 KB
Preview file
37 KB
Preview file
30 KB
0 Helpful
2 Replies 2

Mohammed al Baqari
Level 11
Level 11

‎07-04-2017 02:33 AM

I don't see inside-self zone configured. Also, check your natting to make sure that your traffic to remotes isn't getting natted. 

0 Helpful

usucsupport
Level 1
Level 1
In response to Mohammed al Baqari

‎07-04-2017 02:46 AM

Thank you for checking this issue. Can you provide me some idea or command to check on the above things. I am not expert on this.

0 Helpful
Customers Also Viewed These Support Documents