02-23-2010 10:23 AM
I have 2 L2L tunnels set up with two outside contractors. I am using a 3005 device and the tunnels are up and active. Each contractor is able to pass traffic to my local network (ping devices on our private IP); however, I am not able to get to their local networks. If I trace from our internal network to an IP on the contractor's side, the packets hit our concentrator and then take the default route out to the external interface of the VPNC and stop. It was my understanding that once a tunnel is up, the VPNC should know where to route traffic destined for that tunnel. However, this is not the case. I'm not sure what I'm doing wrong.
02-25-2010 08:34 AM
Hi,
Need to make sure that you have the interesting traffic defined correctly on your end (VPN Concentrator). Mirror of the VPN traffic on the contractor's side.
Also, that there's a route pointing to the remote network to the next-hop for the VPN tunnel path on the Concentrator as well.
If you're doing a traceroute from your side, and the traffic is reaching the VPN, but being sent out to the Internet, it means it's not triggering the tunnel, so check the suggestions above.
Federico.
02-25-2010 11:37 AM
It turns out it was a NATing issue with our Checkpoint firewall. The tunnel was rejecting the traffic because it didn't recognize the IP.
Thanks,
Ben
02-25-2010 11:52 AM
Glad it is working ;-)
Federico.
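An added example, not part of the thread or of any vendor tooling: a small Python check of the two conditions discussed above, namely that each side's interesting-traffic definition mirrors the other's and that a packet still matches it after source NAT. All networks, addresses and the hide-NAT rule are constructed for illustration, and it is an assumption that the NAT happens before the packet is matched against the tunnel.

```python
import ipaddress

# Constructed sample values; none of these addresses come from the thread.
OUR_SIDE = {"local": ["10.1.0.0/16"], "remote": ["192.168.50.0/24"]}
CONTRACTOR = {"local": ["192.168.50.0/24"], "remote": ["10.1.0.0/16"]}
# Hypothetical firewall rule: hide internal hosts behind one address.
HIDE_NAT = [("10.1.0.0/16", "203.0.113.10")]


def _nets(cidrs):
    return {ipaddress.ip_network(c) for c in cidrs}


def selectors_mirror(a, b):
    """True when each side's local list equals the other side's remote list."""
    return (_nets(a["local"]) == _nets(b["remote"])
            and _nets(a["remote"]) == _nets(b["local"]))


def source_after_nat(src, rules):
    """Rewrite src using the first rule whose network contains it."""
    addr = ipaddress.ip_address(src)
    for cidr, translated in rules:
        if addr in ipaddress.ip_network(cidr):
            return ipaddress.ip_address(translated)
    return addr


def path_for(src, dst, side, nat_rules=()):
    """Return 'tunnel' if the packet, as seen after NAT, matches the selectors."""
    s = source_after_nat(src, nat_rules)
    d = ipaddress.ip_address(dst)
    hit = (any(s in n for n in _nets(side["local"]))
           and any(d in n for n in _nets(side["remote"])))
    return "tunnel" if hit else "default-route"


if __name__ == "__main__":
    print("selectors mirrored:", selectors_mirror(OUR_SIDE, CONTRACTOR))
    print("no NAT:  ", path_for("10.1.2.3", "192.168.50.20", OUR_SIDE))
    print("hide NAT:", path_for("10.1.2.3", "192.168.50.20", OUR_SIDE, HIDE_NAT))
```

With the selectors correctly mirrored, the same packet still misses the tunnel once its source has been translated to an address outside the local network list, which is why a NAT exemption for tunnel-bound traffic is the usual fix.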