01-19-2008 06:54 AM - edited 02-21-2020 03:29 PM
I have a problem with a site to site VPN tunnel.
I have setup a tunnel with a remote site (138.3.0.0/16) to my site (10.212.0.0/16 10.147.108.0/24). The remote site can initiate Phase 2 but does not get a ping response.
Phase 2 is not even attempted when the local site pings a server on the remote site. Please could someone help resolve the problem or advise how I can troubleshoot the connection? How can I monitor traffic in the VPN tunnel?
Config attached
01-19-2008 11:19 PM
You have access-lists applied on the inside and dmz interfaces and I do not see configuration permitting traffic from 10.212.0.0/16 10.147.108.0/24 going to 138.3.0.0/16.
Please configure the permit statements and then test the IPSEC Tunnel.
Regards,
Arul
01-20-2008 02:20 AM
Thanks for the reply:
The N2_outbound access-list:
access-list N3_outbound extended permit ip any any
is applied to the inside interface:
access-group N3_outbound in interface inside
and permits traffic from the inside to dmz3.
There is no statement that allows 138.3.0.0/16 back into the dmz3 interface, but I thought that the VPN tunnel would bypass the ACL. Please could you advise what statements are required?
Thanks
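An added worked example for the last two posts (not part of the thread, and not taken from the attached config). It assumes a PIX/ASA 7.x-style firewall, that 10.212.0.0/16 sits behind "inside", 10.147.108.0/24 behind "dmz3", the peer is reached via "outside", and that the ACL names outside_in and dmz3_in and the host addresses used in the checks are hypothetical. It shows which direction an interface ACL actually filters, the setting that decides whether VPN traffic bypasses those ACLs, and the commands used to see what is and is not entering the tunnel.

```cisco
! Added example, not from the thread. Assumes ASA/PIX 7.x; interface names
! inside / dmz3 / outside; ACL names dmz3_in and outside_in are hypothetical.

! An ACL applied with "access-group ... in interface X" filters traffic
! ENTERING the firewall on X. Local traffic toward 138.3.0.0/16 is checked
! on inside (already "permit ip any any") and on dmz3. Replies from
! 138.3.0.0/16 arrive decrypted on outside, so that is the interface whose
! ACL would need a permit, unless the following setting (on by default)
! lets VPN-decrypted traffic bypass interface ACLs altogether:
show running-config all sysopt
sysopt connection permit-vpn

! Explicit permits, only needed with "no sysopt connection permit-vpn":
access-list dmz3_in extended permit ip 10.147.108.0 255.255.255.0 138.3.0.0 255.255.0.0
access-group dmz3_in in interface dmz3
access-list outside_in extended permit ip 138.3.0.0 255.255.0.0 10.212.0.0 255.255.0.0
access-list outside_in extended permit ip 138.3.0.0 255.255.0.0 10.147.108.0 255.255.255.0
access-group outside_in in interface outside

! Phase 2 not starting for locally initiated pings commonly means the packet
! never reaches the crypto ACL (dropped by an interface ACL, or translated by
! NAT before the match). packet-tracer lists every phase the packet passes,
! including ACL, NAT and the VPN encrypt step. Hosts below are constructed.
packet-tracer input inside icmp 10.212.0.10 8 0 138.3.0.10
packet-tracer input dmz3 icmp 10.147.108.10 8 0 138.3.0.10

! Monitor the tunnel: SA state, then per-proxy-pair encaps/decaps counters.
! decaps rising with encaps flat: replies arrive but are dropped locally.
! Both flat: the traffic is not entering the tunnel at all.
show crypto isakmp sa
show crypto ipsec sa

! Capture the cleartext side of the tunnel on the LAN interfaces.
capture vpncap interface inside match ip 10.212.0.0 255.255.0.0 138.3.0.0 255.255.0.0
capture vpncap2 interface dmz3 match ip 10.147.108.0 255.255.255.0 138.3.0.0 255.255.0.0
show capture vpncap
show capture vpncap2
no capture vpncap
no capture vpncap2
```

Run the packet-tracer commands first: if the output ends before a VPN phase, the ping is being dropped or rewritten before the crypto ACL is consulted, which matches the symptom that Phase 2 is never attempted from the local side. Run the captures while the remote site pings; packets seen on outside but not on inside or dmz3 point at a local drop, and the ipsec SA counters tell you whether that drop happens before or after decryption.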