Unable to Ping over VPN

Vikrant Ambhore · ‎12-08-2010

Hello Friends,

We have done IPsec VPN between 3 sites, We have Staic Ip only Perth Office, rest offices has a dynamic IP from ISP,
Please Look on below diagram, Perth is main Router, India & Melbourne are connect with VPN to Perth

We have Three Site All site are conncect with VPN
Perth (UC520): 192.168.2.0/24 (Main Site of VPN Server)

India (871 W): 192.168.4.0/24 (Remote Site)

Melbourne (871 W): 192.168.8.0/24 (Remote Site)

Now I am able to ping India & Melbourne from Perth, also able to ping Perth from Melbourne & India, but we are unable to Ping India from Melbourne & vice-versa...

Please any one help me what need to be done for it

Bastien Migette · ‎12-08-2010

You want traffic between melbourne and india going through perth (so you have 2 tunnels), or does these site have a direct tunnel between them ?

I would look like to IPSEC Tunnels (sh crypto isa sa/ipsec sa) as well as crypto ACL/Maps and routing table to check if everything is OK.

Vikrant Ambhore · ‎12-08-2010

Hello Mate,

Thanks for your reply, I want traffic between melbourne and india going through perth because I don't have static IP at India & Melbourne, i have only in Perth, can u please look my Attched configuration of all sites,

X.X.X.X = India wan IP (dynamic)

Y.Y.Y.Y = Perth Wan IP (Static IP)

Z.Z.Z.Z = Melbourne Wan IP (Dynamic)

Regards

Vikrant

Bastien Migette · ‎12-09-2010

try to change

ip access-list extended SplitTunnel
permit ip 192.168.2.0 0.0.0.255 any
permit ip 10.1.0.0 0.0.15.255 any

by

ip access-list extended SplitTunnel
permit ip 192.168.0.0 0.0.255.255 any
permit ip 10.1.0.0 0.0.15.255 any

On perth router, and disconnect/reconnect the tunnels from ezvpn clients routers to see if that change.

Vikrant Ambhore · ‎12-21-2010

Sorry for late reply,

I have done as per your suggestion but Same issue yet, Please help