02-14-2005 02:46 PM - edited 02-20-2020 11:57 PM
Hi,
I'm trying to establish a second site-to-site VPN on one of our Cisco 831 routers for a home user. Our network is such:
London Office: 192.168.0.0 (PIX 515e)
New York Office: 192.168.52.0 (PIX 515e)
Home user: 192.168.100.0 (831 Router)
There is currently a tunnel set up between London & New York acting as a failover for T1. The home user already has a VPN set up to the London office. Home user to New York is the problem.
Can anyone see what I'm missing? IKE state on the New York PIX is QM_IDLE. There is no decap\encap, only errors, when I send traffic through. Error status reports that packets sent from New York PIX are a problem, no traffic received.
Configs attached, and show cry ip sa from 831....
Any help would be greatly appreciated :)
02-18-2005 11:37 AM
You mentioned that it is giving an error message, but what is the exact error message that it is throwing?
02-18-2005 03:09 PM
When I send traffic across the tunnel (attempt) and view the New York PIX's VPN monitor, no decap\encap traffic occurs, only values under the error field.
The VPN's source is NY; I think that the fault lies with the 831's ACL setup, i.e. the NY PIX is sending traffic but the 831 ACL isn't allowing the expected reply.
Looking at the 831 conf, do you agree?