topic Re: side-to-side vpn only comunicating in one direction in Network Security https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293634#M950833 <HTML><HEAD></HEAD><BODY><P>NW-Polen 255.255.255.0 </P><P>access-list outside_3_cryptomap extended permit ip NW-Buchholz 255.255.255.0 NW-INTEX 255.255.255.0 </P><P>access-list outside_4_cryptomap extended permit ip NW-Buchholz 255.255.255.0 NW-Martinnet 255.255.255.0 </P><P>access-list outside_access_in extended permit icmp any any log notifications </P><P>access-list outside_access_in extended permit ip object-group DM_INLINE_NETWORK_1 NW-Buchholz 255.255.255.0 </P><P>access-list outside_access_in extended permit udp object-group DM_INLINE_NETWORK_2 NW-Buchholz 255.255.255.0 </P><P>access-list outside_cryptomap_1 extended permit ip NW-Buchholz 255.255.255.0 NW-Muenster 255.255.255.0 </P><P>access-list outside_cryptomap_2 extended permit ip NW-Buchholz 255.255.255.0 NW-Muenster 255.255.255.0 </P><P>access-list inside_nat0_outbound_1 extended permit ip NW-Buchholz 255.255.255.0 NW-Muenster 255.255.255.0 </P><P>pager lines 24</P><P>logging enable</P><P>logging asdm informational</P><P>no logging message 302021</P><P>no logging message 302020</P><P>mtu inside 1500</P><P>mtu outside 1500</P><P>mtu dmz 1500</P><P>ip local pool makeIT 192.168.116.100-192.168.116.110 mask 255.255.255.0</P><P>ip local pool VPN-Brands-Admin 192.168.117.100-192.168.117.110 mask 255.255.255.0</P><P>ip local pool VPN-Brands-GS 192.168.118.100-192.168.118.110 mask 255.255.255.0</P><P>ip local pool VPN-Extern 192.168.121.100-192.168.121.110 mask 255.255.255.0</P><P>ip local pool VPN-Brands-Sales 192.168.119.100-192.168.119.110 mask 255.255.255.0</P><P>ip local pool VPN-Brands-CM 192.168.120.100-192.168.120.110 mask 255.255.255.0</P><P>icmp unreachable rate-limit 1 burst-size 1</P><P>asdm image disk0:/asdm-621.bin</P><P>no asdm history enable</P><P>arp timeout 14400</P><P>global (outside) 1 interface</P><P>nat (inside) 0 access-list inside_nat0_outbound</P><P>nat (inside) 0 access-list inside_nat0_outbound_1 outside</P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P>access-group outside_access_in in interface outside</P><P>route outside 0.0.0.0 0.0.0.0 85.112.230.125 1</P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00</P><P>timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00</P><P>timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute</P><P>timeout tcp-proxy-reassembly 0:01:00</P><P>dynamic-access-policy-record DfltAccessPolicy</P><P></P><P></P></BODY></HTML> Mon, 27 Jul 2009 06:11:41 GMT NadineMeins 2009-07-27T06:11:41Z side-to-side vpn only comunicating in one direction https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293631#M950830 <P>Hi all together,</P><P></P><P>My problem is that I have a running vpn connection between cisco asa 5505 and a LANCOM 1711 VPN that is only letting traffic through in one direction. Meaning I can ping and act via Windows RDP from the net behind the Cisco (net 192.168.115.0/255.255.255.0) to the LANCOM-net (192.168.0.0./255.255.255.0) but it is not working in the other direction.</P><P></P><P>On the Cisco net there has been used an other LANCOM before und the VPN was working without problems. We now just took the configuration and fixed it to the Cisco. </P><P></P><P>And as the tunnel is established I do not see the reason why the LANCOM packages do not come though. In the Syslog of the Cisco there is no reaction.</P><P></P><P>Can anybody help?</P> Fri, 21 Feb 2020 11:35:21 GMT https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293631#M950830 NadineMeins 2020-02-21T11:35:21Z Re: side-to-side vpn only comunicating in one direction https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293632#M950831 <HTML><HEAD></HEAD><BODY><P>This could be due to numerous reasons routing related, NAT in the transit path, ESP being blocked, can you post your configurations? Also have you enabled NAT-T?</P><P></P><P>Also have a look at:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution11" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution11</A></P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Sat, 25 Jul 2009 05:38:31 GMT https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293632#M950831 Farrukh Haroon 2009-07-25T05:38:31Z Re: side-to-side vpn only comunicating in one direction https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293633#M950832 <HTML><HEAD></HEAD><BODY><P>Hi!</P><P></P><P>Thx for replying.</P><P></P><P>This is my configuration:</P><P></P><P> Saved</P><P>:</P><P>ASA Version 8.2(1) </P><P>!</P><P>hostname ASABrandsDEBU</P><P>domain-name brands.local</P><P>enable password fuuwAM47BOb7KkRB encrypted</P><P>passwd 906qOuTz0f2InvIK encrypted</P><P>names</P><P>name 85.112.230.6x Internet description Internet</P><P>name 192.168.116.96 VPN-makeIT description VPN-makeIT</P><P>name 192.168.115.10 SRV-BrandsS01 description SRV-BrandsS01</P><P>name 192.168.115.30 SRV-BrandsS03 description SRV-BrandsS03</P><P>name 192.168.115.25 SRV-Testserver description SRV-Testserver</P><P>name 217.146.152.10x GW-INTEX description GW-INTEX</P><P>name 62.153.136.22x GW-Martinnet description GW-Martinnet</P><P>name 62.72.79.19x GW-Muenster description GW-Muenster</P><P>name 213.76.140.222 GW-Polen description GW-Polen</P><P>name 192.168.115.0 NW-Buchholz description NW-Buchholz</P><P>name 192.168.114.0 NW-DMZ description NW-DMZ</P><P>name 192.168.0.0 NW-Muenster description NW-Muenster</P><P>name 192.168.19.0 NW-Polen description NW-Polen</P><P>name 192.168.117.96 VPN-Brands-Admin description VPN-Brands-Admin</P><P>name 192.168.120.96 VPN-Brands-CM description VPN-Brands-CM</P><P>name 192.168.118.96 VPN-Brands-GS description VPN-Brands-GS</P><P>name 192.168.119.96 VPN-Brands-Sales description VPN-Brands-Sales</P><P>name 192.168.121.96 VPN-Extern description VPN-Extern</P><P>name 194.49.23.0 NW-INTEX description NW-INTEX</P><P>name 212.185.56.0 NW-Martinnet description NW-Martinnet</P><P>!</P><P>interface Vlan1</P><P> nameif inside</P><P> security-level 100</P><P> ip address 192.168.115.1 255.255.255.0 </P><P>!</P><P>interface Vlan2</P><P> nameif outside</P><P> security-level 0</P><P> ip address 85.112.230.12x 255.255.255.252 </P><P>!</P><P>interface Vlan3</P><P> no forward interface Vlan1</P><P> nameif dmz</P><P> security-level 50</P><P> ip address 192.168.114.1 255.255.255.0 </P><P>!</P><P>interface Ethernet0/0</P><P> switchport access vlan 2</P><P>!</P><P>interface Ethernet0/1</P><P>!</P><P>interface Ethernet0/2</P><P>!</P><P>interface Ethernet0/3</P><P>!</P><P>interface Ethernet0/4</P><P>!</P><P>interface Ethernet0/5</P><P>!</P><P>interface Ethernet0/6</P><P>!</P><P>interface Ethernet0/7</P><P> switchport access vlan 3</P><P>!</P><P>boot system disk0:/asa821-k8.bin</P><P>ftp mode passive</P><P>clock timezone CEST 1</P><P>clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00</P><P>dns domain-lookup inside</P><P>dns domain-lookup outside</P><P>dns domain-lookup dmz</P><P>dns server-group DefaultDNS</P><P> domain-name brands.local</P><P>same-security-traffic permit intra-interface</P><P>object-group network DM_INLINE_NETWORK_1</P><P> network-object NW-Muenster 255.255.255.0</P><P> network-object host GW-Muenster</P><P>object-group network DM_INLINE_NETWORK_2</P><P> network-object NW-Muenster 255.255.255.0</P><P> network-object host GW-Muenster</P><P>access-list makeIT_splitTunnelAcl standard permit NW-Buchholz 255.255.255.0 </P><P>access-list inside_nat0_outbound extended permit ip NW-Buchholz 255.255.255.0 VPN-makeIT 255.255.255.240 </P><P>access-list inside_nat0_outbound extended permit ip NW-Buchholz 255.255.255.0 VPN-Brands-Admin 255.255.255.240 </P><P>access-list inside_nat0_outbound extended permit ip NW-Buchholz 255.255.255.0 VPN-Brands-GS 255.255.255.240 </P><P>access-list inside_nat0_outbound extended permit ip NW-Buchholz 255.255.255.0 VPN-Brands-Sales 255.255.255.240 </P><P>access-list inside_nat0_outbound extended permit ip NW-Buchholz 255.255.255.0 VPN-Brands-CM 255.255.255.240 </P><P>access-list inside_nat0_outbound extended permit ip NW-Buchholz 255.255.255.0 VPN-Extern 255.255.255.240 </P><P>access-list inside_nat0_outbound extended permit ip NW-Buchholz 255.255.255.0 NW-Polen 255.255.255.0 </P><P>access-list inside_nat0_outbound extended permit ip NW-Buchholz 255.255.255.0 NW-Martinnet 255.255.255.0 </P><P>access-list Brands-Admin_splitTunnelAcl standard permit NW-Buchholz 255.255.255.0 </P><P>access-list Brands-GS_splitTunnelAcl standard permit NW-Buchholz 255.255.255.0 </P><P>access-list Brands-Sales_splitTunnelAcl standard permit NW-Buchholz 255.255.255.0 </P><P>access-list Brands-CM_splitTunnelAcl standard permit NW-Buchholz 255.255.255.0 </P><P>access-list Extern_splitTunnelAcl standard permit NW-Buchholz 255.255.255.0 </P><P>access-list outside_cryptomap extended permit ip NW-Buchholz 255.255.255.0 NW-Muenster 255.255.255.0 </P><P>access-list outside_2_cryptomap extended permit ip NW-Buchholz 255.255.255.0 </P></BODY></HTML> Mon, 27 Jul 2009 06:10:38 GMT https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293633#M950832 NadineMeins 2009-07-27T06:10:38Z Re: side-to-side vpn only comunicating in one direction https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293634#M950833 <HTML><HEAD></HEAD><BODY><P>NW-Polen 255.255.255.0 </P><P>access-list outside_3_cryptomap extended permit ip NW-Buchholz 255.255.255.0 NW-INTEX 255.255.255.0 </P><P>access-list outside_4_cryptomap extended permit ip NW-Buchholz 255.255.255.0 NW-Martinnet 255.255.255.0 </P><P>access-list outside_access_in extended permit icmp any any log notifications </P><P>access-list outside_access_in extended permit ip object-group DM_INLINE_NETWORK_1 NW-Buchholz 255.255.255.0 </P><P>access-list outside_access_in extended permit udp object-group DM_INLINE_NETWORK_2 NW-Buchholz 255.255.255.0 </P><P>access-list outside_cryptomap_1 extended permit ip NW-Buchholz 255.255.255.0 NW-Muenster 255.255.255.0 </P><P>access-list outside_cryptomap_2 extended permit ip NW-Buchholz 255.255.255.0 NW-Muenster 255.255.255.0 </P><P>access-list inside_nat0_outbound_1 extended permit ip NW-Buchholz 255.255.255.0 NW-Muenster 255.255.255.0 </P><P>pager lines 24</P><P>logging enable</P><P>logging asdm informational</P><P>no logging message 302021</P><P>no logging message 302020</P><P>mtu inside 1500</P><P>mtu outside 1500</P><P>mtu dmz 1500</P><P>ip local pool makeIT 192.168.116.100-192.168.116.110 mask 255.255.255.0</P><P>ip local pool VPN-Brands-Admin 192.168.117.100-192.168.117.110 mask 255.255.255.0</P><P>ip local pool VPN-Brands-GS 192.168.118.100-192.168.118.110 mask 255.255.255.0</P><P>ip local pool VPN-Extern 192.168.121.100-192.168.121.110 mask 255.255.255.0</P><P>ip local pool VPN-Brands-Sales 192.168.119.100-192.168.119.110 mask 255.255.255.0</P><P>ip local pool VPN-Brands-CM 192.168.120.100-192.168.120.110 mask 255.255.255.0</P><P>icmp unreachable rate-limit 1 burst-size 1</P><P>asdm image disk0:/asdm-621.bin</P><P>no asdm history enable</P><P>arp timeout 14400</P><P>global (outside) 1 interface</P><P>nat (inside) 0 access-list inside_nat0_outbound</P><P>nat (inside) 0 access-list inside_nat0_outbound_1 outside</P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P>access-group outside_access_in in interface outside</P><P>route outside 0.0.0.0 0.0.0.0 85.112.230.125 1</P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00</P><P>timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00</P><P>timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute</P><P>timeout tcp-proxy-reassembly 0:01:00</P><P>dynamic-access-policy-record DfltAccessPolicy</P><P></P><P></P></BODY></HTML> Mon, 27 Jul 2009 06:11:41 GMT https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293634#M950833 NadineMeins 2009-07-27T06:11:41Z Re: side-to-side vpn only comunicating in one direction https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293635#M950834 <HTML><HEAD></HEAD><BODY><P>http server enable</P><P>http NW-Buchholz 255.255.255.0 inside</P><P>no snmp-server location</P><P>no snmp-server contact</P><P>snmp-server enable traps snmp authentication linkup linkdown coldstart</P><P>crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac </P><P>crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac </P><P>crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac </P><P>crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac </P><P>crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac </P><P>crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac </P><P>crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac </P><P>crypto ipsec security-association lifetime seconds 28800</P><P>crypto ipsec security-association lifetime kilobytes 4608000</P><P>crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs </P><P>crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5</P><P>crypto map outside_map 1 match address outside_cryptomap_2</P><P>crypto map outside_map 1 set pfs </P><P>crypto map outside_map 1 set peer GW-Muenster </P><P>crypto map outside_map 1 set transform-set ESP-3DES-MD5 ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-DES-SHA ESP-DES-MD5</P><P>crypto map outside_map 1 set security-association lifetime seconds 43200</P><P>crypto map outside_map 1 set security-association lifetime kilobytes 200000</P><P>crypto map outside_map 1 set reverse-route</P><P>crypto map outside_map 2 match address outside_2_cryptomap</P><P>crypto map outside_map 2 set pfs </P><P>crypto map outside_map 2 set peer GW-Polen </P><P>crypto map outside_map 2 set transform-set ESP-3DES-MD5</P><P>crypto map outside_map 2 set security-association lifetime seconds 2013</P><P>crypto map outside_map 2 set security-association lifetime kilobytes 200000</P><P>crypto map outside_map 3 match address outside_3_cryptomap</P><P>crypto map outside_map 3 set pfs group5</P><P>crypto map outside_map 3 set peer GW-INTEX </P><P>crypto map outside_map 3 set transform-set ESP-AES-128-MD5</P><P>crypto map outside_map 3 set security-association lifetime seconds 3600</P><P>crypto map outside_map 3 set security-association lifetime kilobytes 200000</P><P>crypto map outside_map 4 match address outside_4_cryptomap</P><P>crypto map outside_map 4 set pfs </P><P>crypto map outside_map 4 set peer GW-Martinnet </P><P>crypto map outside_map 4 set transform-set ESP-AES-128-MD5</P><P>crypto map outside_map 4 set security-association lifetime seconds 3600</P><P>crypto map outside_map 4 set security-association lifetime kilobytes 200000</P><P>crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP</P><P>crypto map outside_map interface outside</P><P>crypto isakmp enable outside</P><P>crypto isakmp policy 10</P><P> authentication pre-share</P><P> encryption 3des</P><P> hash md5</P><P> group 2</P><P> lifetime none</P><P>telnet NW-Buchholz 255.255.255.0 inside</P><P>telnet timeout 5</P><P>ssh timeout 5</P><P>console timeout 0</P><P>dhcpd auto_config outside</P><P>!</P><P></P><P>threat-detection basic-threat</P><P>threat-detection statistics port</P><P>threat-detection statistics protocol</P><P>threat-detection statistics access-list</P><P>threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200</P><P>webvpn</P><P>group-policy Brands-GS internal</P><P>group-policy Brands-GS attributes</P><P> dns-server value 192.168.115.14 192.168.115.7</P><P> vpn-tunnel-protocol IPSec </P><P> split-tunnel-policy tunnelspecified</P><P> split-tunnel-network-list value Brands-GS_splitTunnelAcl</P><P> default-domain value brands.local</P><P></P></BODY></HTML> Mon, 27 Jul 2009 06:13:06 GMT https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293635#M950834 NadineMeins 2009-07-27T06:13:06Z Re: side-to-side vpn only comunicating in one direction https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293636#M950835 <HTML><HEAD></HEAD><BODY><P>group-policy Brands-Sales internal</P><P>group-policy Brands-Sales attributes</P><P> dns-server value 192.168.115.14 192.168.115.7</P><P> vpn-tunnel-protocol IPSec </P><P> split-tunnel-policy tunnelspecified</P><P> split-tunnel-network-list value Brands-Sales_splitTunnelAcl</P><P> default-domain value brands.local</P><P>group-policy Brands-CM internal</P><P>group-policy Brands-CM attributes</P><P> dns-server value 192.168.115.14 192.168.115.7</P><P> vpn-tunnel-protocol IPSec </P><P> split-tunnel-policy tunnelspecified</P><P> split-tunnel-network-list value Brands-CM_splitTunnelAcl</P><P> default-domain value brands.local</P><P>group-policy Brands-Admin internal</P><P>group-policy Brands-Admin attributes</P><P> dns-server value 192.168.115.14 192.168.115.7</P><P> vpn-tunnel-protocol IPSec </P><P> split-tunnel-policy tunnelspecified</P><P> split-tunnel-network-list value Brands-Admin_splitTunnelAcl</P><P> default-domain value brands.local</P><P>group-policy DfltGrpPolicy attributes</P><P> vpn-filter value Brands-Sales_splitTunnelAcl</P><P> vpn-tunnel-protocol IPSec </P><P>group-policy makeIT internal</P><P>group-policy makeIT attributes</P><P> dns-server value 192.168.115.14 192.168.115.7</P><P> vpn-tunnel-protocol IPSec </P><P> split-tunnel-policy tunnelspecified</P><P> split-tunnel-network-list value makeIT_splitTunnelAcl</P><P> default-domain value brands.local</P><P>group-policy Extern internal</P><P>group-policy Extern attributes</P><P> dns-server value 192.168.115.14 192.168.115.7</P><P> vpn-tunnel-protocol IPSec </P><P> split-tunnel-policy tunnelspecified</P><P> split-tunnel-network-list value Extern_splitTunnelAcl</P><P> default-domain value brands.local</P><P>username system password gC7MwUUDUbHTlU48 encrypted privilege 15</P><P>username makeIT password ZBxNX0An9ytNgYIf encrypted privilege 0</P><P>username makeIT attributes</P><P> vpn-group-policy makeIT</P><P>username s.behrendt password l1rPzoB4p6dBQwin encrypted</P><P>username s.behrendt attributes</P><P> group-lock value Brands-Sales</P><P> service-type remote-access</P><P>tunnel-group makeIT type remote-access</P><P>tunnel-group makeIT general-attributes</P><P> address-pool makeIT</P><P> default-group-policy makeIT</P><P>tunnel-group makeIT ipsec-attributes</P><P> pre-shared-key *</P><P>tunnel-group Brands-Admin type remote-access</P><P>tunnel-group Brands-Admin general-attributes</P><P> address-pool VPN-Brands-Admin</P><P> default-group-policy Brands-Admin</P><P>tunnel-group Brands-Admin ipsec-attributes</P><P> pre-shared-key *</P><P>tunnel-group Brands-GS type remote-access</P><P>tunnel-group Brands-GS general-attributes</P><P> address-pool VPN-Brands-GS</P><P> default-group-policy Brands-GS</P><P>tunnel-group Brands-GS ipsec-attributes</P><P> pre-shared-key *</P><P>tunnel-group Brands-Sales type remote-access</P><P>tunnel-group Brands-Sales general-attributes</P><P> address-pool VPN-Brands-Sales</P><P> default-group-policy Brands-Sales</P><P>tunnel-group Brands-Sales ipsec-attributes</P><P> pre-shared-key *</P><P>tunnel-group Brands-CM type remote-access</P><P>tunnel-group Brands-CM general-attributes</P><P> address-pool VPN-Brands-CM</P><P> default-group-policy Brands-CM</P><P>tunnel-group Brands-CM ipsec-attributes</P><P> pre-shared-key *</P><P>tunnel-group Extern type remote-access</P><P>tunnel-group Extern general-attributes</P><P> address-pool VPN-Extern</P><P> default-group-policy Extern</P><P>tunnel-group Extern ipsec-attributes</P><P> pre-shared-key *</P><P>tunnel-group 62.72.79.19x type ipsec-l2l</P><P></P><P>tunnel-group 62.72.79.19x ipsec-attributes</P><P> pre-shared-key *</P><P> isakmp keepalive disable</P><P>tunnel-group 213.76.140.22x type ipsec-l2l</P><P>tunnel-group 213.76.140.22x ipsec-attributes</P><P> pre-shared-key *</P><P>tunnel-group 217.146.152.10x type ipsec-l2l</P><P>tunnel-group 217.146.152.10x ipsec-attributes</P><P> pre-shared-key *</P><P>tunnel-group 62.153.136.22x type ipsec-l2l</P><P>tunnel-group 62.153.136.22x ipsec-attributes</P><P> pre-shared-key *</P><P>tunnel-group GW-Muenster type ipsec-l2l</P><P>tunnel-group GW-Muenster ipsec-attributes</P><P> pre-shared-key *</P><P> peer-id-validate nocheck</P><P>!</P><P>class-map inspection_default</P><P> match default-inspection-traffic</P><P>!</P><P>!</P><P>policy-map type inspect dns preset_dns_map</P><P> parameters</P><P> message-length maximum 512</P><P></P><P></P></BODY></HTML> Mon, 27 Jul 2009 06:15:08 GMT https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293636#M950835 NadineMeins 2009-07-27T06:15:08Z Re: side-to-side vpn only comunicating in one direction https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293637#M950836 <HTML><HEAD></HEAD><BODY><P>policy-map global_policy</P><P> class inspection_default</P><P> inspect dns preset_dns_map </P><P> inspect ftp </P><P> inspect h323 h225 </P><P> inspect h323 ras </P><P> inspect rsh </P><P> inspect rtsp </P><P> inspect esmtp </P><P> inspect sqlnet </P><P> inspect skinny </P><P> inspect sunrpc </P><P> inspect xdmcp </P><P> inspect sip </P><P> inspect netbios </P><P> inspect tftp </P><P>!</P><P>service-policy global_policy global</P><P>prompt hostname context </P><P>Cryptochecksum:469d3ac0a382f10168df95e82daf916a</P><P>: end</P><P></P><P>In addition: The problems I have wit NW-Muenster and GW-Muenster. The others have not been tested jet. NAT-T is enabled.</P><P></P><P>Thanks a lot!</P><P>Nadine</P></BODY></HTML> Mon, 27 Jul 2009 06:20:24 GMT https://community.cisco.com/t5/network-security/side-to-side-vpn-only-comunicating-in-one-direction/m-p/1293637#M950836 NadineMeins 2009-07-27T06:20:24Z