IPSec site to site VPN possible acl issue

roharris33
Level 1

I have configured an IPSEC tunnel between a remote site and the corporate office. I configured the IP helper on the interfaces so the devices will contact the corporate DHCP server... so nothing is NAT'ed. The tunnel comes up just fine. I can access the loopback from the corporate office but nothing else. None of the clients are picking up an IP address. The routing looks good, but when I perform a trace from the far end to the head end it doesn't look like the trace is leaving the far end's interface. I suspect it's an ACL issue, but my ACLs look good. Any ideas?

Accepted Solutions

marce1000
VIP

 

 - You need to allow multicast over VPN too, check this link :

 https://www.draytek.com/en/faq/faq-vpn/vpn.others/how-to-use-dhcp-relay-over-an-ipsec-tunnel/

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '


Thanks for the reply. I can't ping anything on the corporate network. I can't even ping the gateway of the tunnel. So I don't think this is a multicast issue. My route map is pointing to the gateway of the tunnel, and I've applied that statement to the VLAN's interfaces.