Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
476
Views
0
Helpful
2
Replies

VPN to 3745 from mobile site via two different networks

nbourke2000
Level 1
Level 1

‎11-17-2010 05:55 AM

Hi, wondering if anyone has any ideas on a problem I have.

I have 2 networks, one private and one internet, connecting to 2 interfaces on a 3745 router. I have mobile client routers (netscreens) that are moving from one network to the other.

The problem I have is the tunnel comes up when the client is on internet but when connected via the client network it needs a static route on the PoP pointing to the client network.

Without the static route the SA shows as QM_IDLE but it does not pass traffic. I also have an issue where when the router moves from internet to the private  network the SA stays on the 3745 and causes SPI problems until it clears. Reducing idle-time seems to do nothing to help this.

Labels:
0 Helpful
2 Replies 2

nbourke2000
Level 1
Level 1

‎11-17-2010 06:53 AM

I think maybe Reverse Route Injection might be a partial solution?

0 Helpful

praprama
Cisco Employee
Cisco Employee

‎11-19-2010 06:50 AM

Hi,

So to clarify the problem, we have VPN termination on 2 different interfaces on a 3745, "internet" and "private". When connecting to "internet" all works fine. When connecting to "private", connection is up but no traffic passes unless a static route is added.

Could you elaborate more on what is the exact command you add? It will be much easier to understand if you could post a sanitized config and a topology as well.

Regards,

Prapanch

0 Helpful
Customers Also Viewed These Support Documents