Beginner

2 subnets connected through Site-to-Site VPN - can only ping on one

I am having an issue with passing traffic through the VPN tunnel on one of two subnets. A site-to-site VPN has been established through 2 SA520W's running 2.1.71 firmware.

Site A

Subnet 1 : 192.168.1.0/24

Subnet 2: 10.5.0.0/24

Site B

Subnet 1: 10.15.0.0/24

There are 2 VPN Policies created for each subnet that share the IKE Policy for the VPN Tunnel. When I display the IPSec VPN Status, both VPN Tunnel/Policies show that they are established from both sides. From Site B, I cannot ping or access remote resources in subnet 1. From Site A, I am not able to ping or access remote resources in Site B from a host on subnet 1.

I have disabled/enabled the policies on both sides (and have also restarted the SA520W's) without success.

I have not seen any issues reported in the logs.

Advocate

Hi Doug, to clarify, do both routers contain 2 IKE and VPN policies, and have you correctly identified the IKE policies within the VPN policies to match up?

-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/
Beginner

Hello Tom,

Both routers have 2 VPN Policies (1 for each subnet in Site A) which point back to 1 IKE policy.

Regards,

Doug

Advocate

Doug, please try to make a second IKE; then on the VPN policy, at the bottom, there is a drop-down to associate the IKE to the VPN policy. For the second IKE policy, make it slightly different, obviously with a different name.

-Tom
Please mark answered for helpful posts
Beginner

Tom, I was able to create the 2nd IKE on both routers and then disabled the VPN policies on both sides, switched 1 set on each to use the 2nd IKE and then enabled the policies again on both sides. Both tunnels connected, however, I have the same results - not able to ping hosts in the 10.15.0.0 network from the 192.168.1.0 subnet and vice versa. When I attempt to access a shared folder \\10.15.0.x\share, the path cannot be found. When I view the status of the IPSec VPNs, I did notice that the counter shows activity through the connection from Site A, but nothing from Site B.

Advocate

Doug, would you mind sharing screenshots of the VPN policies?

-Tom
Please mark answered for helpful posts