cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
349
Views
0
Helpful
12
Replies

Cisco to WatchGuard VPN Tunnel Cant Ping machines only the routers

WizJ
Beginner
Beginner

Reading this post has led me to believe i have a ip route issue. https://community.cisco.com/t5/vpn/cannot-ping-machines-on-remote-subnet-while-site-to-site-vpn/td-p/1469344

Cisco 1921 -> 192.168.1.1  Machine on 192.168.1.2

WG T20 -> 10.0.1.1 Machine on 10.0.1.25

WG can ping the machine and vica versa. Same with Cisco. Neither can ping the other network. I had ip route setup early on that was 0.0.0.0 0.0.0.0 XX.XXX.253.97 (Which is the gateway of the ISP Modem) and i have no idea why i did that. When that was used i was able to at least get a ping response from the other routers ip. I could ping 10.0.1.1 from machine @ 192.168.1.2 as well as the other way around. I was not able to ping the opposing Machine though. What i need is basically all traffic from 192.168 network to go to the 10.0 network. This specific setup is for testing. I simply need to be able to send data from the 192 network to the machine @ 10.0.1.25. I have attached the Cicso config.

Any help would be appreciated. I am a networking noob.

1 Accepted Solution

Accepted Solutions

@WizJ not talking about blocking traffic, but you need to explictly permit traffic over the VPN - it's important as the configuration on the other end needs to mirror the ACL configuration.

# Crypto map ACL to encrypt traffic from 192.168.1.0/24 to 10.0.1.0/24 network.
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.0.1.0 0.0.0.255

# NAT ACL - NAT traffic to the internet and to ensure traffic from 192.168.1.0/24 to 10.0.1.0/24 over the VPN is not translated
access-list 102 deny ip 192.168.1.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
!
ip nat inside source list 102 interface GigabitEthernet0/0 overload

View solution in original post

12 Replies 12

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend