03-16-2010 02:40 PM
Hi,
I have set up the tunnel in my test lab and am able to reach the peer firewall IP. ISAKMP is up but IPsec is not working, meaning I am unable to reach the inside network on the other side.
Config attached. Any suggestions/feedback?
Regards
Sateesh
03-16-2010 02:49 PM
Your error is on Firewall A:-
crypto map VPN 70 match address TEST
The ACL TEST does not exist. Create it:
access-list TEST permit ip host 192.168.200.2 host 192.168.100.2
Test again.
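The check from the reply above, as an added example that is not part of the original posts: it flags any `crypto map ... match address` that points at an undefined ACL and, going one step beyond the reply, checks that each crypto ACL entry has a mirror image on the peer. The sample configs and peer addresses are constructed (not the attachment from this thread), and the helper names are hypothetical.

```python
import re

# Constructed sample configs (NOT the attachment from the thread).
FW_A = """\
crypto map VPN 70 match address TEST
crypto map VPN 70 set peer 10.0.0.2
"""
FW_A_FIXED = FW_A + "access-list TEST permit ip host 192.168.200.2 host 192.168.100.2\n"
FW_B = """\
access-list TEST extended permit ip host 192.168.100.2 host 192.168.200.2
crypto map VPN 70 match address TEST
crypto map VPN 70 set peer 10.0.0.1
"""

MATCH_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)", re.M)
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?permit ip (.+)$", re.M)

def _selectors(spec):
    """Split 'host A host B' / 'NET MASK NET MASK' / 'any' into (src, dst)."""
    tok, ends = spec.split(), []
    while tok and len(ends) < 2:
        n = 1 if tok[0] in ("any", "any4") else 2  # 'any' is a single token
        ends.append(" ".join(tok[:n]))
        tok = tok[n:]
    return tuple(ends + [""] * (2 - len(ends)))  # pad malformed entries

def crypto_acls(config):
    """Map each ACL name used by a crypto map to its set of (src, dst) entries."""
    acls = {}
    for name, spec in ACL_RE.findall(config):
        acls.setdefault(name, set()).add(_selectors(spec))
    # None marks an ACL that is referenced but never defined.
    return {acl: acls.get(acl) for _, _, acl in MATCH_RE.findall(config)}

def missing_acls(config):
    """ACL names referenced by 'match address' that have no access-list lines."""
    return sorted(a for a, e in crypto_acls(config).items() if e is None)

def unmirrored(local, remote):
    """Local crypto ACL entries with no swapped (dst, src) entry on the peer."""
    peer = set().union(*(e or set() for e in crypto_acls(remote).values()))
    mine = set().union(*(e or set() for e in crypto_acls(local).values()))
    return sorted(e for e in mine if (e[1], e[0]) not in peer)
```
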
03-16-2010 02:51 PM
I have modified it, but still the same problem.
Regards
Sateesh
03-16-2010 03:05 PM
Post the output of "show crypto isakmp sa" & "show crypto ipsec sa" from both ends when the tunnel is established.
03-16-2010 03:19 PM
03-17-2010 01:04 AM
The tunnel has formed OK - traffic is being encrypted by Firewall B, and unencrypted by Firewall A. However, the issue is that Firewall A is not encrypting any traffic. This could be for 2 reasons:-
1) The crypto tunnel has formed incorrectly, even though everything looks OK - reboot the firewall
2) There is a routing issue - check that the end device on network firewall A is receiving the traffic and can respond/route correctly.
HTH