Site-to-Site IPSec VPN only passes traffic one-way...mostly

sdrossen2
Level 1

I have an odd problem with a new VPN we set up. It's a 2851 <--> Openswan Linux box. The tunnel comes up just fine. On the 2851 side we have a /24 and on the Openswan side we have a /19 and a /26. You can ping from any device in these ranges to any other. Even adjusting the ping to 1500 bytes, it all works. Now the first thing we tried to do after this was SSH. We can SSH from the /19 (site B, behind the Openswan) to the /24 (site A, 2851) all day long without issue. We can also do the opposite (site A to site B /19). We also can SSH from the 2851 /24 to the Openswan /26. However, the /26 at site B cannot SSH to the 2851 /24. Watching the logs and such, we can see the SSH packet gets to the box and the box sends a response; the 2851 just does not send the reply down the tunnel. It just seems to ignore it. I cannot seem to find why the 2851 will not send an SSH session initiated from B /26 back to it when it will send a session initiated from A /24 down to the B /26.

Both the /19 and /26 are in the same ACL, just the /26 is not working fully.

Used the SDM to setup the tunnel.

Does that make sense? Need configs?
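The symptom in the post (forward packets arrive, the reply is never encrypted) is the classic one for a crypto ACL that does not cover one direction of a flow, or whose entries are not mirror images of the peer's. The check below is an added example for readers of this thread, not the poster's configuration and not the eventual fix: it models each peer's crypto ACL as a list of src/dst network pairs and, for a TCP session, verifies that the SYN is selected for encryption at the initiator's site, the reply is selected at the responder's site, and the two matching entries mirror each other. The subnets and hosts are constructed stand-ins for the /24, /19 and /26 in the post; the two "broken" variants of site A's ACL are also constructed, to show what gets flagged.

```python
"""Mirror-image crypto ACL check for one-way IPsec symptoms.

Added example, not the poster's configuration. The subnets are constructed
stand-ins for the /24 (site A, behind the 2851) and the /19 and /26
(site B, behind Openswan) described in the post.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    """One 'permit ip <src> <dst>' entry of a crypto ACL (or an Openswan
    leftsubnet/rightsubnet pair, as seen from the sending peer)."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def ace(src: str, dst: str) -> Ace:
    return Ace(ipaddress.ip_network(src), ipaddress.ip_network(dst))


def match(acl, src_ip: str, dst_ip: str):
    """Return the first ACE that selects src_ip -> dst_ip for encryption,
    or None if the packet would leave the site unencrypted."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for entry in acl:
        if s in entry.src and d in entry.dst:
            return entry
    return None


def session_check(initiator_acl, responder_acl, client_ip, server_ip):
    """Check a TCP session client -> server through the tunnel.

    The SYN leaves the initiator's site, so it must match initiator_acl;
    the SYN/ACK leaves the responder's site, so it must match responder_acl;
    and the two entries must be mirror images, otherwise the peers propose
    different proxy IDs and one direction is dropped or sent in the clear.
    Returns a list of problems; an empty list means both directions are covered.
    """
    problems = []
    fwd = match(initiator_acl, client_ip, server_ip)
    rev = match(responder_acl, server_ip, client_ip)
    if fwd is None:
        problems.append(f"forward: no ACE selects {client_ip} -> {server_ip}")
    if rev is None:
        problems.append(f"reply: no ACE selects {server_ip} -> {client_ip}")
    if fwd and rev and (fwd.src, fwd.dst) != (rev.dst, rev.src):
        problems.append(
            f"mirror: {fwd.src}->{fwd.dst} on initiator vs "
            f"{rev.src}->{rev.dst} on responder")
    return problems


def report(initiator_acl, responder_acl, client_ip, server_ip) -> str:
    problems = session_check(initiator_acl, responder_acl, client_ip, server_ip)
    return "ok" if not problems else "; ".join(problems)


# Constructed addressing (not from the post).
A_LAN = "10.1.1.0/24"      # site A, behind the 2851
B_BIG = "10.2.0.0/19"      # site B, behind Openswan
B_SMALL = "10.3.0.0/26"    # site B, behind Openswan

SITE_A_ACL = [ace(A_LAN, B_BIG), ace(A_LAN, B_SMALL)]   # 2851 crypto ACL
SITE_B_ACL = [ace(B_BIG, A_LAN), ace(B_SMALL, A_LAN)]   # Openswan, per-conn view

# Constructed broken variants of site A's ACL, to show what gets flagged.
SITE_A_MISSING = [ace(A_LAN, B_BIG)]                           # reply to /26 never selected
SITE_A_WIDER = [ace(A_LAN, B_BIG), ace(A_LAN, "10.3.0.0/24")]  # not a mirror of the /26


if __name__ == "__main__":
    # SSH from a host in the /26 at site B to a host in the /24 at site A.
    print(report(SITE_B_ACL, SITE_A_ACL, "10.3.0.10", "10.1.1.20"))
    print(report(SITE_B_ACL, SITE_A_MISSING, "10.3.0.10", "10.1.1.20"))
    print(report(SITE_B_ACL, SITE_A_WIDER, "10.3.0.10", "10.1.1.20"))
```

Run it against the real addressing by replacing the constructed networks with the entries from `show crypto map` on the 2851 and the `leftsubnet`/`rightsubnet` pairs from the Openswan `conn` definitions; anything other than `ok` for the /26 -> /24 session points at the entry to inspect, and `show crypto ipsec sa` will confirm whether a separate SA pair for the /26 proxy IDs actually exists.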

15 Replies

Glad to hear you got it to work :-)

It really didn't make sense before that the router would just not encrypt SSH traffic from that host.

You've got to feel very relieved now!
