POLICY BASED VPN ACCESS LIST BREAKS PINGS

Prime56
Level 1
Hi all,

I have a VPN connection set up like this.

2 REMOTE SITES WITH 2 VPN CONNECTIONS

remote site 1 > data center 

remote site 1 > remote site 2

remote site 2 > data center

remote site 2 > remote site 1

I want to have my two remote sites reach the rest of my branch sites through the data center connection. I can reach the data center subnets just fine (192.168.208.0/21). The rest of my subnets for my sites fall under the subnet 192.168.0.0/16.

So I configured an ACL permitting 192.168.0.0/16 traffic on both sides (data center and remote site).

After I do this, it breaks connection via the two remote sites.

Why is it doing this? The "match address" of the 192.168.0.0/16 should only be affecting the data center connection and not the remote site <> remote site connections. But it does, and I stop being able to ping. Is the broad subnet confusing it somehow? Can I not have two VPN connections that fall under the same subnet but one is more specific?

Do I need to have the two remote sites have a higher sequence number than the data center 0.0 site?

SOLVED: CHANGED SEQUENCE NUMBER OF DATA CENTER TO HIGHER NUMBER THAN REMOTE SITES
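The behaviour described in the post comes from how a policy-based crypto map is evaluated: entries are tried in ascending sequence-number order and the first matching "match address" ACL wins, so a broad 192.168.0.0/16 entry with a lower sequence number swallows traffic that a more specific remote-site entry should have claimed. The simulation below is an added example, not configuration or code from the original post; the data center prefix 192.168.208.0/21 is from the post, while the remote-site-2 subnet 192.168.10.0/24 and the peer names are assumed.

```python
"""Simulate first-match crypto map selection (IOS policy-based VPN).

Added example, not from the original post. Sequence numbers, peer names and
the remote-site LAN 192.168.10.0/24 are constructed for illustration."""
from ipaddress import ip_address, ip_network

# Entry = (sequence number, peer, networks permitted by its "match address" ACL).
# Poster's original layout: the broad data center entry has the lower sequence.
BROKEN_CRYPTO_MAP = [
    (10, "datacenter", [ip_network("192.168.0.0/16")]),      # broad, tried first
    (20, "remote-site-2", [ip_network("192.168.10.0/24")]),  # assumed site-2 LAN
]

# Poster's fix: data center moved to a higher sequence than the remote site.
FIXED_CRYPTO_MAP = [
    (10, "remote-site-2", [ip_network("192.168.10.0/24")]),
    (20, "datacenter", [ip_network("192.168.0.0/16")]),
]


def select_peer(crypto_map, dst):
    """Return the peer of the first entry (lowest sequence) whose ACL permits dst.

    Evaluation stops at the first permit, exactly like a crypto map; None means
    no entry matched and the packet would not enter any tunnel."""
    ip = ip_address(dst)
    for _seq, peer, nets in sorted(crypto_map, key=lambda e: e[0]):
        if any(ip in net for net in nets):
            return peer
    return None


def shadowed_entries(crypto_map):
    """List (seq, peer) entries whose every network is fully covered by an
    earlier entry; such entries can never match, which is what broke the pings."""
    ordered = sorted(crypto_map, key=lambda e: e[0])
    shadowed = []
    for i, (seq, peer, nets) in enumerate(ordered):
        earlier = [n for _, _, ns in ordered[:i] for n in ns]
        if nets and all(any(n.subnet_of(e) for e in earlier) for n in nets):
            shadowed.append((seq, peer))
    return shadowed


if __name__ == "__main__":
    host_at_site2 = "192.168.10.25"
    print("broken map sends site-2 traffic to:", select_peer(BROKEN_CRYPTO_MAP, host_at_site2))
    print("fixed map sends site-2 traffic to: ", select_peer(FIXED_CRYPTO_MAP, host_at_site2))
    print("unreachable entries in broken map:", shadowed_entries(BROKEN_CRYPTO_MAP))
```

Running `shadowed_entries` against a proposed crypto map before pushing it is a cheap pre-change check for exactly this ordering mistake.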