08-11-2006 05:07 AM - edited 02-21-2020 02:34 PM
i have c1841, with 2 ipsec tunnels to other sites, do i need to put the peer site public iP into my ACL & ios firewall to allow routing between all 3 sites (hub & both spoke)?
pinging the LAN ip of the other spoke site from hub router CLI fails, & same on the spoke sites, what could be wrong or missing
thanks
08-14-2006 05:02 AM
Hi
Can you post the configs of your hub site and the remote locations ?
So that they can be verified and suggestions can be made ?
regds
08-15-2006 04:30 AM
Any ACL on internet-facing interface must allow UDP500 and ESP between the VPN peers.
In old IOS versions you must also allow the unencrypted traffic too.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide