
2 subnets connected through Site-to-Site VPN - can only ping on one

I am having an issue with passing traffic through the VPN tunnel on one of two subnets. A site-to-site VPN has been established through 2 SA520W's running 2.1.71 firmware.

Site A

Subnet 1 :

Subnet 2:

Site B

Subnet 1:

There are 2 VPN Policies created for each subnet that share the IKE Policy for the VPN Tunnel. When I display the IPSec VPN Status, both VPN Tunnel/Policies show that they are established from both sides. From Site B, I cannot ping or access remote resources in subnet 1. From Site A, I am not able to ping or access remote resources in Site B from a host on subnet 1.

I have disabled/enabled the policies on both sides (and have also restarted the SA520W's) without success.

I have not seen any issues reported in the logs.

Tom Watts

Hi Doug, to clarify, do both routers contain 2 IKE and VPN policies, and have you correctly identified the IKE policies within the VPN policies to match up?

Please mark answered for helpful posts

-Tom

Hello Tom,

Both routers have 2 VPN Policies (1 for each subnet in Site A) which point back to 1 IKE policy.



Doug, please try to make a second IKE; then on the VPN policy, at the bottom, there is a drop-down to associate the IKE to the VPN policy. For the second IKE policy, make it slightly different, obviously with a different name.

-Tom

Tom, I was able to create the 2nd IKE on both routers and then disabled the VPN policies on both sides, switched 1 set on each to use the 2nd IKE and then enabled the policies again on both sides. Both tunnels connected; however, I have the same results - not able to ping hosts in the network from the subnet and vice versa. When I attempt to access a shared folder \\10.15.0.x\share the path cannot be found. When I view the status of the IPSec VPNs, I did notice that the counter shows activity through the connection from Site A, but nothing from Site B.

Doug, would you mind sharing screenshots of the VPN policies?

-Tom