
interesting traffic vpn

suthomas1
Frequent Contributor

Hello everyone,

 

In an IPsec VPN (one site to another site), is interesting traffic (IP addresses, e.g. 10.1.10./24 or 10.1.2.0/24) important for bringing the tunnel up? In which phase does interesting traffic for both sides of the traffic get checked, and does this have any impact on getting the tunnel up?

 

 

5 Comments
balaji.bandi
VIP Master

Phase 2 is where the interesting traffic will be communicated. (It all depends on where the VPN is terminating: is this Cisco to Cisco, or Cisco to other cloud providers?)

 

Here is a good guide to understanding VPN:

 

https://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/4-0-1/user/guide/CSMUserGuide_wrapper/vpchap.pdf

suthomas1
Frequent Contributor

The tunnel is terminating on a non-Cisco device at the other side.

balaji.bandi
VIP Master

What is the issue here when you are terminating with a non-Cisco device (what device?) - do you have any issue?

suthomas1
Frequent Contributor

Phase 2 seems to be almost there, but didn't come up. All the other usual proposals... DH group, PFS etc. looked to be fine. The other side had 6 subnets listed for traffic whereas our end has only 5 listed. As that last IP range needed checks to confirm, further checks were stopped.

Does that mean traffic ranges on both sides have to be the same?

 

balaji.bandi
VIP Master

Yes, I do sometimes see non-Cisco vendors looking to match everything (major vendors will not) - but ruled out, as you pointed out, sometimes they do check. To confirm, which non-Cisco vendor FW are we referring to, to get clarity?

 

Also, if you can post the P2 VPN errors, that would help to understand the issue better here.
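
One way to check the situation described in this thread (five subnets listed on one end, six on the other) before the next negotiation attempt, as an added example that is not part of any post: it compares the two peers' Phase 2 traffic selectors and reports every pair that is not an exact mirror. The subnets are constructed sample values and `compare_selectors` is a hypothetical helper; it assumes the remote device insists on matching selectors.

```python
import ipaddress

# Constructed sample data: (local_subnet, remote_subnet) as each side lists it.
OURS = [(f"10.1.{n}.0/24", "172.16.1.0/24") for n in range(1, 6)]    # 5 entries
THEIRS = [("172.16.1.0/24", f"10.1.{n}.0/24") for n in range(1, 5)]  # 4 mirrored
THEIRS += [("172.16.1.0/24", "10.1.5.0/25"),   # narrower than our 10.1.5.0/24
           ("172.16.1.0/24", "10.1.6.0/24")]   # sixth range, absent on our end


def parse(pairs):
    """Normalise CIDR string pairs into a set of ip_network tuples."""
    return {(ipaddress.ip_network(a), ipaddress.ip_network(b)) for a, b in pairs}


def compare_selectors(ours, theirs):
    """Classify selector pairs, all expressed from our point of view.

    mirrored    - identical on both peers
    overlap     - both peers cover part of the same traffic, masks differ
    only_ours   - configured on our end with no counterpart on the peer
    only_theirs - configured on the peer with no counterpart on our end
    """
    mine = parse(ours)
    # Flip the peer's pairs: their "local" is our "remote" and vice versa.
    peer = {(remote, local) for local, remote in parse(theirs)}
    left, right = mine - peer, peer - mine
    overlap = {(m, p) for m in left for p in right
               if m[0].overlaps(p[0]) and m[1].overlaps(p[1])}
    return {
        "mirrored": mine & peer,
        "overlap": overlap,
        "only_ours": left - {m for m, _ in overlap},
        "only_theirs": right - {p for _, p in overlap},
    }


if __name__ == "__main__":
    result = compare_selectors(OURS, THEIRS)
    for label in ("overlap", "only_ours", "only_theirs"):
        for item in sorted(result[label], key=str):
            print(label, item)
```

Anything listed under `overlap`, `only_ours` or `only_theirs` is a selector to reconcile with the remote administrator before looking further at the Phase 2 proposals.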