Hi all,
I have a VPN connection set up like this.
2 REMOTE SITES WITH 2 VPN CONNECTIONS
remote site 1 > data center
remote site 1 > remote site 2
remote site 2 > data center
remote site 2 > remote site 1
I want to have my two remote sites reach the rest of my branch sites through the data center connection. I can reach the data center subnets just fine (192.168.208.0/21). The rest of my subnets for my sites fall under the subnet 192.168.0.0/16.
So I configured an ACL permitting 192.168.0.0/16 traffic on both sides (data center and remote site).
After I do this, it breaks connection via the two remote sites.
Why is it doing this? The "match address" of the 192.168.0.0/16 should only be affecting the data center connection and not the remote site <> remote site connections. But it does, and I stop being able to ping. Is the broad subnet confusing it somehow? Can I not have two VPN connections that fall under the same subnet but one is more specific?
Do I need to have the two remote sites have a higher sequence number than the data center 0.0 site?
SOLVED: CHANGED SEQUENCE NUMBER OF DATA CENTER TO HIGHER NUMBER THAN REMOTE SITES
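An added example (not from the original post) showing the crypto map ordering problem the post describes and the fix it arrived at, as it would look on the remote site 1 router. Crypto map entries are evaluated in ascending sequence order and the first entry whose "match address" ACL matches the packet wins, so a broad 192.168.0.0/16 entry with the lowest sequence number captures the site-to-site traffic too. Only 192.168.208.0/21 and 192.168.0.0/16 come from the post; the LAN subnets (192.168.16.0/24, 192.168.32.0/24), peer addresses, ACL names, the map name VPNMAP and the transform set TS-AES are assumptions for illustration and must exist or be renamed to match the real configuration.

```cisco
! Added example, not the poster's configuration. Assumed values:
!   remote site 1 LAN 192.168.16.0/24, remote site 2 LAN 192.168.32.0/24
!   data center peer 203.0.113.10, remote site 2 peer 203.0.113.20
!   transform set TS-AES already defined
ip access-list extended ACL-TO-SITE2
 permit ip 192.168.16.0 0.0.0.255 192.168.32.0 0.0.0.255
ip access-list extended ACL-TO-DC
 permit ip 192.168.16.0 0.0.0.255 192.168.0.0 0.0.255.255

! BROKEN ORDER: the /16 data center entry has the lowest sequence number.
! A packet for 192.168.32.0/24 is tested against seq 10 first, matches the
! /16, and is sent to the data center peer; seq 20 is never reached, which
! is why the site-to-site tunnel stops passing traffic.
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set TS-AES
 match address ACL-TO-DC
crypto map VPNMAP 20 ipsec-isakmp
 set peer 203.0.113.20
 set transform-set TS-AES
 match address ACL-TO-SITE2

! CORRECTED ORDER: the specific site-to-site entry gets the lower sequence
! number and the /16 catch-all to the data center comes last (seq 100 leaves
! room for further specific entries in between).
no crypto map VPNMAP 10
no crypto map VPNMAP 20
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.20
 set transform-set TS-AES
 match address ACL-TO-SITE2
crypto map VPNMAP 100 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set TS-AES
 match address ACL-TO-DC
```

After the change, "show crypto map" lists the entries in evaluation order and "show crypto ipsec sa" shows which peer the 192.168.16.0/24 to 192.168.32.0/24 security association is built with; if it still points at the data center peer, clear the stale SA so it is renegotiated under the new order. The same rule applies on remote site 2. On the data center side the mirror ACLs do not collide, because their destinations (each remote site's /24) are distinct even though the source is the shared /16.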