01-19-2008 06:54 AM - edited 02-21-2020 03:29 PM
I have a problem with a site to site VPN tunnel.
I have set up a tunnel with a remote site (138.3.0.0/16) to my site (10.212.0.0/16 10.147.108.0/24). The remote site can initiate Phase 2 but does not get a ping response.
Phase 2 is not even attempted when the local site pings a server on the remote site. Please could someone help resolve the problem or advise how I can troubleshoot the connection? How can I monitor traffic in the VPN tunnel?
Config attached
01-19-2008 11:19 PM
You have access-lists applied on the inside and dmz interfaces and I do not see configuration permitting traffic from 10.212.0.0/16 10.147.108.0/24 going to 138.3.0.0/16.
Please configure the permit statements and then test the IPSEC Tunnel.
Regards,
Arul
01-20-2008 02:20 AM
Thanks for the reply:
The N2_outbound access-list:
access-list N3_outbound extended permit ip any any
is applied to the inside interface:
access-group N3_outbound in interface inside
and permits traffic from the inside to dmz3.
There is no statement that allows 138.3.0.0/16 back into the dmz3 interface, but I thought that the VPN tunnel would bypass the ACL. Please could you advise what statements are required?
Thanks