I'm stumped here. For one of my tunnels I have a subnet that is working:
-show crypto ipsec:
Crypto map tag: ntelagent, seq num: 7, local addr: 64.38.3.18
access-list VPNTunnel9 permit ip host hl7a.int6 204.145.246.0 255.255.255.0
local ident (addr/mask/prot/port): (hl7a.int6/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (204.145.246.0/255.255.255.0/0/0)
current_peer: 72.158.65.147
#pkts encaps: 19, #pkts encrypt: 19, #pkts digest: 19
#pkts decaps: 5, #pkts decrypt: 5, #pkts verify: 5
local crypto endpt.: 64.38.3.18, remote crypto endpt.: 72.158.65.147
Yet on the same tunnel I cannot get encrypts to a different host on the encryption domain:
-
access-list VPNTunnel9 permit ip host hl7a.int6 host 10.10.0.43
local ident (addr/mask/prot/port): (hl7a.int6/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.10.0.43/255.255.255.255/0/0)
current_peer: 72.158.65.147
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 323, #pkts decrypt: 323, #pkts verify: 323
local crypto endpt.: 64.38.3.18, remote crypto endpt.: 72.158.65.147
The ACL configurations are identical for the crypto map and the no-nat:
access-list VPNTunnel9 extended permit ip host hl7a.int6 204.145.246.0 255.255.255.0
access-list VPNTunnel9 extended permit ip host hl7a.int6 host 10.10.0.43
access-list nonat extended permit ip host hl7a.int6 204.145.246.0 255.255.255.0
access-list nonat extended permit ip host hl7a.int6 host 10.10.0.43
Anyone have any ideas please??? If I'm getting decrypts but no encrypts that would mean the issue is on my side, right?
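
An added example, not part of the original post: a small Python parser for the show crypto ipsec output quoted above that flags SAs whose packet counters move in only one direction, as the 10.10.0.43 entry does. The function names are hypothetical and the sample input is constructed from the output in the post.

```python
import re

# Constructed sample: the two SA blocks quoted in the post above.
SAMPLE = """\
access-list VPNTunnel9 permit ip host hl7a.int6 204.145.246.0 255.255.255.0
local ident (addr/mask/prot/port): (hl7a.int6/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (204.145.246.0/255.255.255.0/0/0)
current_peer: 72.158.65.147
#pkts encaps: 19, #pkts encrypt: 19, #pkts digest: 19
#pkts decaps: 5, #pkts decrypt: 5, #pkts verify: 5
access-list VPNTunnel9 permit ip host hl7a.int6 host 10.10.0.43
local ident (addr/mask/prot/port): (hl7a.int6/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.10.0.43/255.255.255.255/0/0)
current_peer: 72.158.65.147
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 323, #pkts decrypt: 323, #pkts verify: 323
"""

IDENT = re.compile(r"^\s*(local|remote) ident \(addr/mask/prot/port\): \((\S+?)/(\S+?)/\d+/\d+\)")
PEER = re.compile(r"^\s*current_peer: (\S+)")
COUNT = re.compile(r"#pkts (encaps|decaps): (\d+)")

def parse_sas(text):
    """Return one dict per SA; a 'local ident' line starts a new SA."""
    sas = []
    for line in text.splitlines():
        m = IDENT.match(line)
        if m and m.group(1) == "local":
            sas.append({"encaps": 0, "decaps": 0, "peer": None})
        if not sas:
            continue  # lines before the first SA (e.g. the crypto map header)
        if m:
            sas[-1][m.group(1)] = f"{m.group(2)}/{m.group(3)}"
        p = PEER.match(line)
        if p:
            sas[-1]["peer"] = p.group(1)
        for name, value in COUNT.findall(line):
            sas[-1][name] = int(value)
    return sas

def one_way(sa):
    """Name the direction that carries traffic when the other counter is zero."""
    if sa["decaps"] and not sa["encaps"]:
        return "inbound-only"   # peer's packets arrive; nothing encrypted locally
    if sa["encaps"] and not sa["decaps"]:
        return "outbound-only"  # local packets leave; nothing decrypted from peer
    return None

if __name__ == "__main__":
    for sa in parse_sas(SAMPLE):
        print(sa["remote"], sa["peer"], one_way(sa))
```

An inbound-only result means the local device is decrypting the peer's packets for that SA but has not encrypted any outbound packet for it.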