
Inside host appearing on the wrong interface

kenny.kerns
Level 1

Hi Everyone,

I'm having a bit of difficulty understanding this one.

I am trying to reach a host in a remote datacenter over an IPSEC VPN, but my source host is appearing on the same interface as my destination host.

I am 172.16.15.92 (inside) and am trying to https to 10.20.104.17 (ipsec_dmz) but I am being blocked on the access-list that is protecting my inside hosts from the DMZ.

This is the syslog of the deny and as you can see my inside host is appearing on the DMZ interface.

6 Aug 19 2011 12:02:07 106100 172.16.15.92 49548 10.20.104.17 443 access-list acl_ipsec_inbound denied tcp ipsec_dmz/172.16.15.92(49548) -> ipsec_dmz/10.20.104.17(443) hit-cnt 1 first hit [0xdf8a308a, 0x0]

It should look like this, but I am struggling to see why it's not.

6 Aug 19 2011 12:01:26 302013 172.16.15.92 49539 10.20.104.16 443 Built outbound TCP connection 168280492 for ipsec_dmz:10.20.104.17/443 (10.20.104.16/443) to inside:172.16.15.92/49539 (172.16.15.92/49539)

I have a no-nat statement for 172.16.0.0/16 to 10.20.0.0 and am able to connect to other servers in the 10.20.0.0/16 network.

1 Reply

Jennifer Halim
Cisco Employee

Can you please share your configuration so we can see if it is a misconfiguration in the routing or NAT? Thx.
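
An added example, not part of the original thread: a small Python parser for the 106100 ACL-hit message format shown in the question, which flags entries where the source and destination carry the same interface name. The first two sample lines are copied from the question; the third line and its ACL name `acl_inside_out` are constructed for contrast, and the pattern assumes IPv4 addresses in the layout the question's log uses.

```python
import re

# Layout of the 106100 message as it appears in the question:
#   access-list NAME denied|permitted PROTO IF/IP(PORT) -> IF/IP(PORT) hit-cnt N ...
ACL_HIT = re.compile(
    r"access-list (?P<acl>\S+) (?P<action>denied|permitted) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src_ip>[\d.]+)\((?P<src_port>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst_ip>[\d.]+)\((?P<dst_port>\d+)\) "
    r"hit-cnt (?P<hits>\d+)"
)

def parse_acl_hit(line):
    """Return the fields of a 106100 ACL-hit line, or None for any other message."""
    m = ACL_HIT.search(line)
    return m.groupdict() if m else None

def same_interface_hits(lines):
    """Collect ACL hits whose source and destination are logged on one interface."""
    flagged = []
    for line in lines:
        hit = parse_acl_hit(line)
        if hit and hit["src_if"] == hit["dst_if"]:
            flagged.append(hit)
    return flagged

SAMPLE = [
    # From the question: the deny, with the inside host logged on ipsec_dmz.
    "6 Aug 19 2011 12:02:07 106100 172.16.15.92 49548 10.20.104.17 443 "
    "access-list acl_ipsec_inbound denied tcp ipsec_dmz/172.16.15.92(49548) -> "
    "ipsec_dmz/10.20.104.17(443) hit-cnt 1 first hit [0xdf8a308a, 0x0]",
    # From the question: a 302013 connection-built message, not an ACL hit.
    "6 Aug 19 2011 12:01:26 302013 172.16.15.92 49539 10.20.104.16 443 "
    "Built outbound TCP connection 168280492 for ipsec_dmz:10.20.104.17/443 "
    "(10.20.104.16/443) to inside:172.16.15.92/49539 (172.16.15.92/49539)",
    # Constructed: an ACL hit where the two interfaces differ (hypothetical ACL name).
    "6 Aug 19 2011 12:03:00 106100 172.16.15.92 49550 10.20.104.18 443 "
    "access-list acl_inside_out permitted tcp inside/172.16.15.92(49550) -> "
    "ipsec_dmz/10.20.104.18(443) hit-cnt 1 first hit [0x0, 0x0]",
]

if __name__ == "__main__":
    for hit in same_interface_hits(SAMPLE):
        print("{acl}: {action} {proto} {src_ip}:{src_port} -> {dst_ip}:{dst_port} "
              "both on interface {src_if}".format(**hit))
```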