
Cisco ASA 5520 Site to Site VPN

bluedots asked
I set up a site to site VPN to another office. Traffic from my side can hit the other office but not vice versa. I have no filters in place. What could be the cause?

Istvan Kalmar, Head of IT Security Division
Top Expert 2010

Please show both sides' configs...
Top Expert 2010

Are both sides ASA devices? Can you post configs?
Les Moore, Sr. Systems Engineer
Top Expert 2008

>Traffic from my side can hit the other office but not vice versa
This generally tells me that the VPN tunnel is up, and the return path is available.
What I've seen too many times is that everything really works, and the host on your side that you are trying to hit from the other office, but is failing, has Windows Firewall or another firewall turned on. Applications that you might not even think about, such as the Cisco VPN client, have a built-in firewall that is always on but can be disabled for a test.
If that is not the case, then please post the configs.

Can you check that the other office does not filter the traffic initiated from their side?
With packet inspection, traffic can return if there is a matching connection, but you cannot initiate traffic.
Reset the other side and it came up.