2951 Router and IPSec VPN Tunnels

rsentelle6
Level 1

Having issues with VPN Tunnel.  We have established the IPsec tunnel to UK offices, and established it with only one subnet 172.20.0.0.  We now need to go back and add several other subnets that will be reachable over the tunnel.  Provider in the UK has added all subnets into their end of the tunnel, and I thought I'd added them from my end.  Running Configuration is attached.  Am I missing something in the config that won't allow any other traffic from other EMEA subnets to traverse the tunnel?  Thanks for any insights

1 Reply

David_Che
Level 1

You should also update your NAT ACL to exempt all the tunneled traffic. Furthermore, you cannot add the deny entry after the permit entry, as it will have no effect.

Deny all the traffic that needs to be IPsec tunneled,

then permit all the other traffic that needs to be NATed in ACL 120:

access-list 120 deny   ip 172.16.5.0 0.0.0.127 172.20.0.0 0.0.0.255
access-list 120 remark CCP_ACL Cateogry=18
access-list 120 permit ip 172.16.5.0 0.0.0.127 any
access-list 120 permit ip 192.168.24.0 0.0.0.63 any
access-list 120 permit ip 172.16.8.128 0.0.0.127 any
access-list 120 permit ip 192.168.24.0 0.0.0.255 any
access-list 120 deny   ip 172.16.5.0 0.0.0.127 172.20.2.0 0.0.0.127
access-list 120 remark AZURE
access-list 120 deny   ip 172.16.5.0 0.0.0.127 172.20.15.0 0.0.0.255
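The reply's point is that IOS evaluates an ACL top-down and stops at the first match, so `permit ip 172.16.5.0 0.0.0.127 any` at line 3 of ACL 120 already matches everything the two later denies (172.20.2.0/25 and 172.20.15.0/24) are meant to exempt from NAT; those denies are dead entries and the traffic is NATed before it can hit the crypto map. The script below is an added example, not code from the thread: it parses the ACL 120 lines quoted above (the only input it is built for is `permit ip`/`deny ip` entries with address/wildcard pairs or `any`), reports each deny that an earlier permit shadows, and prints the list reordered with all denies first. The `Range`, `Entry`, `shadowed_denies` and `reorder_denies_first` names are this example's own. It only covers the NAT exemption half of the fix; the crypto-map ACL that selects traffic for the tunnel (not shown on this page) also needs a matching entry for each new subnet, mirrored on the UK side.

```python
"""Lint a Cisco IOS extended ACL for deny entries shadowed by earlier permits.

Added example for this thread; the ACL text is copied from the reply above,
the parser and helper names are this example's own.
"""
import ipaddress
import re
from dataclasses import dataclass

# ACL 120 exactly as quoted in the reply (constructed input for this example).
ACL_120 = """\
access-list 120 deny   ip 172.16.5.0 0.0.0.127 172.20.0.0 0.0.0.255
access-list 120 remark CCP_ACL Cateogry=18
access-list 120 permit ip 172.16.5.0 0.0.0.127 any
access-list 120 permit ip 192.168.24.0 0.0.0.63 any
access-list 120 permit ip 172.16.8.128 0.0.0.127 any
access-list 120 permit ip 192.168.24.0 0.0.0.255 any
access-list 120 deny   ip 172.16.5.0 0.0.0.127 172.20.2.0 0.0.0.127
access-list 120 remark AZURE
access-list 120 deny   ip 172.16.5.0 0.0.0.127 172.20.15.0 0.0.0.255
"""

ENTRY_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+ip\s+(.+?)\s*$")
ALL_ONES = 0xFFFFFFFF


@dataclass(frozen=True)
class Range:
    net: int   # network address as a 32-bit int
    wild: int  # IOS wildcard bits (1 = don't care); 'any' is all ones

    def covers(self, other: "Range") -> bool:
        """True if every address matching `other` also matches `self`."""
        # self's don't-care bits must include other's, and the fixed bits must agree
        return (self.wild | other.wild) == self.wild and \
               (self.net & ~self.wild & ALL_ONES) == (other.net & ~self.wild & ALL_ONES)


@dataclass(frozen=True)
class Entry:
    action: str
    src: Range
    dst: Range
    text: str


def _addr(tok: str) -> int:
    return int(ipaddress.IPv4Address(tok))


def _parse_ranges(rest: str):
    """Turn 'A.B.C.D W.X.Y.Z', 'host A.B.C.D' or 'any' tokens into Range objects."""
    toks, out = rest.split(), []
    while toks:
        if toks[0] == "any":
            out.append(Range(0, ALL_ONES)); toks = toks[1:]
        elif toks[0] == "host":
            out.append(Range(_addr(toks[1]), 0)); toks = toks[2:]
        else:
            out.append(Range(_addr(toks[0]), _addr(toks[1]))); toks = toks[2:]
    return out


def parse_acl(acl_text: str):
    """Return (acl_number, [(preceding_remarks, Entry)]) from 'show run' style lines."""
    items, pending, number = [], [], None
    for line in acl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            number = m.group(1)
            src, dst = _parse_ranges(m.group(3))
            items.append((tuple(pending), Entry(m.group(2), src, dst, line)))
            pending = []
        elif " remark " in line:
            pending.append(line)          # keep remarks attached to the next entry
        else:
            raise ValueError(f"unsupported ACL line: {line}")
    return number, items


def shadowed_denies(acl_text: str):
    """List (deny_line, permit_line) for each deny that an earlier permit already matches."""
    _, items = parse_acl(acl_text)
    entries = [e for _, e in items]
    found = []
    for i, e in enumerate(entries):
        if e.action != "deny":
            continue
        for p in entries[:i]:
            if p.action == "permit" and p.src.covers(e.src) and p.dst.covers(e.dst):
                found.append((e.text, p.text))
                break
    return found


def reorder_denies_first(acl_text: str) -> str:
    """Rebuild the ACL with every deny (and its remarks) ahead of the permits."""
    _, items = parse_acl(acl_text)
    denies = [it for it in items if it[1].action == "deny"]
    permits = [it for it in items if it[1].action != "deny"]
    lines = []
    for remarks, e in denies + permits:
        lines.extend(remarks)
        lines.append(e.text)
    return "\n".join(lines)


if __name__ == "__main__":
    for deny, permit in shadowed_denies(ACL_120):
        print(f"SHADOWED: {deny}\n      by: {permit}")
    print("\nReordered ACL (denies first):")
    print(reorder_denies_first(ACL_120))
```

On the router, the reordered list is applied either by removing the list (`no access-list 120`) and re-entering it denies first, or, on IOS releases that let you edit a numbered ACL under `ip access-list extended 120`, by inserting the deny entries with sequence numbers lower than the first permit; in both cases re-check with `show access-lists 120` that the deny lines sit above `permit ip 172.16.5.0 0.0.0.127 any`.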
