09-14-2006 01:13 AM - edited 07-04-2021 01:06 PM
I have what would appear to be a simple lan to lan vpn.
I have enabled: sysopt connection permit-ipsec.
The remote site works as expected - without the use of any access-list assigned to the inside interface for vpn traffic.
The local site will not operate unless I have a crypto access-list and an access-list assigned to the inside interface.
example:
local:
access-list inside extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0
!
access-list cryto_acl extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0
!
access-group inside in interface inside
!
When both access-lists do not exist it is not possible to connect to the remote site!!
Does anyone have any ideas?!
Thanks
09-14-2006 03:36 AM
The type of configuration required to create a VPN tunnel will be dependent on the type(s) of hardware involved, both ends, as well as the version of IOS on both ends.
Can you provide the hardware model for both ends as well as the IOS version they're running?
This will help us determine why you get certain behavior on one device but not on the other.
09-19-2006 06:00 AM
You need to have access lists on both remote and local sites for a LAN-to-LAN VPN to work properly. And the two ACLs need to be mirrored. For example:
local:
access-list inside extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0
remote:
access-list inside extended permit ip 2.2.2.0 255.255.255.0 1.1.1.0 255.255.255.0
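The mirroring requirement described in the reply above can be checked mechanically before a tunnel is brought up. The following is an added example, not part of the original thread or any Cisco tool: it parses only the `access-list NAME extended permit ip NET MASK NET MASK` form shown in this thread, and the sample configurations (including the 3.3.3.0 entries and the function names) are constructed for illustration.

```python
import ipaddress
import re

# Only the entry form used in this thread: network + mask for source and destination.
ACE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+"
    r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$"
)

def parse_aces(config, acl_name):
    """Return the set of (source, destination) networks permitted by acl_name."""
    pairs = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == acl_name:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}", strict=False)
            pairs.add((src, dst))
    return pairs

def unmirrored(local_cfg, remote_cfg, local_acl, remote_acl):
    """List entries on each side that have no swapped twin on the peer."""
    local = parse_aces(local_cfg, local_acl)
    remote = parse_aces(remote_cfg, remote_acl)
    fmt = lambda p: f"{p[0]} -> {p[1]}"
    return {
        "local_only": sorted(fmt(p) for p in local if (p[1], p[0]) not in remote),
        "remote_only": sorted(fmt(p) for p in remote if (p[1], p[0]) not in local),
    }

# Constructed sample configs: the first pair is mirrored, the second differs in mask.
LOCAL_CFG = """
access-list inside extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0
access-list inside extended permit ip 1.1.1.0 255.255.255.0 3.3.3.0 255.255.255.0
"""
REMOTE_CFG = """
access-list inside extended permit ip 2.2.2.0 255.255.255.0 1.1.1.0 255.255.255.0
access-list inside extended permit ip 3.3.3.0 255.255.255.128 1.1.1.0 255.255.255.0
"""

if __name__ == "__main__":
    for side, entries in unmirrored(LOCAL_CFG, REMOTE_CFG, "inside", "inside").items():
        for entry in entries:
            print(f"{side}: {entry}")
```

An empty result on both sides means every entry has an exact source/destination swap on the peer; entries using `host` or `any` are ignored by this parser and need to be compared by hand.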
05-29-2023 11:40 PM
Thank you for the information!
I want to create a VPN between two houses that I have, 2 km apart, to share the Internet that I have with Entel, and this information is perfect.