10-20-2008 07:14 AM - edited 03-04-2019 03:13 AM
Pls see the attah.
Thanks
Moses
Also post on Network management
10-20-2008 07:33 AM
Post configs of both routers.That will clarify routing info and the VPN networks.
From the config lines from the attachment .
There is " deny " statement in the access list bound to interfaces on both routers for network 192.0.0.0/8 .Check if this is not blocking the ping.
HTH
Saju
Pls rate helpful posts
10-20-2008 08:26 AM
10-20-2008 08:39 AM
yes include 192.0.0.0/8 subnet to the Crypto ACL if you want to encrypt the traffic.
10-20-2008 09:04 AM
Yes lets say i do not want to encrypt the 192.0.0.0/8 traffic. Lets say that i want to deny that traffic. Why is not working with the access list? Does match address of the crypto map interferes with the access list on the interface.
Thanks
Moses
10-20-2008 10:23 AM
Hi Moses,
Since you did not specify 192. network in the Crypto ACL so it will will never go into tunnel(or it will not be encrypted)
I think your ping to 192 network is blocked by the outbound access-list on Router A
try removing it and then test
interface Serial1/3.6 point-to-point
description RouterA
no ip access-group AList out
Extended IP access list AList
10 deny ip 192.0.0.0 0.255.255.255 any =========> this is blocking your ping packets(30 matches)
11 deny ip host 10.9.9.12 any
20 permit ip any any (4576 matches)
HTH
Saju
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide