
Lan to Lan VPN, traffic dont pass on tunnel

Hi,

I am trying to establish a LAN-to-LAN VPN using two VPN concentrators with public IPs assigned.

Details-

Local range 192.168.1.0/24

Remote range 10.0.0.0/8

I have configured the IKE and IPsec parameters, and the tunnel gets established. I have also defined a filter rule to define the traffic to be encrypted on the tunnel. Routing is also proper.

But the user traffic isn't going over the tunnel; I am not able to ping the end devices.

Is NATing compulsory in this case?

Also, the SA defined for the filter rule is in transport mode. I tried both tunnel and transport mode.

One thing I observed is that the concentrator is forwarding user traffic to the next hop/internet router, but the IP header is the same, with the original IPs (private IPs, 192.xxx). The packet I am receiving on the local internet router from the local concentrator has its original/private IP. Because of this the router is not able to route it, and so the user traffic is not able to get onto the internet.

I guess in a tunnel, all traffic should be carried under the public IP of the concentrator.

What is the problem here?

Regards

1 Reply

sachinraja
Level 9

Hello Kapish,

Is the site-to-site tunnel coming up? I guess this should be a problem with the VPN connection. If the crypto ACLs are defined properly, the packets will never pass through the VPN concentrator. NAT is not required here, as the end networks are separate and not overlapping!

Just look at the Event Log to determine the problem. Select Monitoring -> Live Event Log and see the error message!

Regards

Raj
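The two points raised in this thread, what the next-hop router sees in the outer IP header under transport versus tunnel mode, and when NAT is needed across a LAN-to-LAN tunnel, can be checked with a small model. The script below is an added example written for this page; it is not code from either poster or from any vendor product. It uses the address ranges given in the question (192.168.1.0/24 and 10.0.0.0/8); the two concentrator public addresses are assumed placeholders from documentation ranges, because the post does not give them. The model reflects the IPsec standard (RFC 4301): tunnel mode encapsulates the whole original packet behind a new IP header carrying the gateway addresses, while transport mode keeps the original IP header and protects only the payload above it.

```python
import ipaddress
from dataclasses import dataclass

# Address ranges from the thread.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
REMOTE_NET = ipaddress.ip_network("10.0.0.0/8")

# Public peer addresses of the two concentrators: ASSUMED placeholders
# (documentation ranges); the post does not give the real ones.
LOCAL_PEER = "203.0.113.10"
REMOTE_PEER = "198.51.100.20"

# RFC 1918 private ranges, which an internet router will not forward.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def is_rfc1918(addr: str) -> bool:
    """True for private (RFC 1918) addresses."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def matches_crypto_acl(pkt: Packet) -> bool:
    """Model of the crypto ACL / filter rule: local subnet to remote subnet
    is the 'interesting traffic' the SA protects."""
    return (ipaddress.ip_address(pkt.src) in LOCAL_NET
            and ipaddress.ip_address(pkt.dst) in REMOTE_NET)


def header_seen_by_next_hop(pkt: Packet, mode: str) -> tuple[str, str]:
    """(src, dst) of the outer IP header leaving the local concentrator.

    tunnel mode:    the whole original packet becomes ESP payload and a new
                    IP header carrying the two gateway addresses is prepended.
    transport mode: only the payload above IP is protected; the original
                    IP header, private addresses included, is kept.
    Traffic the crypto ACL does not select is forwarded in the clear, unchanged.
    """
    if not matches_crypto_acl(pkt):
        return (pkt.src, pkt.dst)
    if mode == "tunnel":
        return (LOCAL_PEER, REMOTE_PEER)
    if mode == "transport":
        return (pkt.src, pkt.dst)
    raise ValueError(f"unknown IPsec mode: {mode}")


def internet_routable(header: tuple[str, str]) -> bool:
    """An upstream internet router only carries the packet if neither
    outer address is private."""
    return not any(is_rfc1918(a) for a in header)


def nat_required(local: ipaddress.IPv4Network,
                 remote: ipaddress.IPv4Network) -> bool:
    """NAT across a LAN-to-LAN tunnel is only needed when the two
    private ranges overlap and hosts could not be told apart."""
    return local.overlaps(remote)


if __name__ == "__main__":
    # Constructed sample: a host on the local LAN pinging a host on the remote LAN.
    pkt = Packet("192.168.1.10", "10.1.2.3")
    for mode in ("transport", "tunnel"):
        hdr = header_seen_by_next_hop(pkt, mode)
        print(f"{mode:9s} outer header {hdr[0]} -> {hdr[1]}, "
              f"routable on internet: {internet_routable(hdr)}")
    print("NAT required:", nat_required(LOCAL_NET, REMOTE_NET))
```

Running it shows that under transport mode the outer header still carries 192.168.1.10 -> 10.1.2.3, which an internet router cannot forward, while under tunnel mode the header carries the two gateway addresses. Traffic that the crypto ACL does not select (for example a local host talking to a public address) leaves with its original header in both modes, so a filter rule that misses the intended subnets produces the same symptom. The overlap check returns False for 192.168.1.0/24 and 10.0.0.0/8, which matches the reply's point that NAT is not needed when the two ranges are distinct.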