L2L VPN - Permitting a new Network

Unanswered Question
Mar 16th, 2007


I currently have a L2L VPN that connects a remote office. It is partly managed by a third party. Currently it permits traffic from our internal LAN. I am in the process of re-addressing our internal LAN. I have created, Vlan'd and subnetted 4 new subnets using etc etc. The trouble I'm having is connectivity from the new subnets to the remote site.

The guy at the third party has made the changes his end to permit the new subnets. I have added rules to my access-lists as required but no joy.

access-list nonat extended permit ip

access-list 127 extended permit ip

I think the third party guy has just permitted, and I'm wondering if that is correct as I'm actually using,, Should subnets be permitted individually or would be a workable summarization?

Many Thanks

J Mack

Jon Marshall Fri, 03/16/2007 - 02:20


It shouldn't make any difference to be honest. The VPN device should just compare the address to its crypto map, so if its crypto map says permit the /24 range and the IP address is from the range it won't care. The subnet mask is not carried in the IP header of the packets.

I suspect the issue is elsewhere. Do you have a sanitised copy of your config and the remote end?

If you bring the tunnel down and then try and connect from a 192.168.32.x address, does the tunnel come up but no traffic passes, or does the tunnel fail to initialise?
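The point in the reply, that the crypto ACL is matched on the packet's addresses alone, can be checked offline before touching the tunnel. The following is an added example, not code from the thread or from either VPN device: it models each side's crypto ACL as a list of (source network, destination network) selectors using Python's ipaddress module, reports which selector a given packet hits, and lists selectors on one side that have no mirrored counterpart on the other. All addresses are constructed for illustration (four new /24s under 192.168.32.0/22 on the local side, a single /22 summary on the remote side, and 10.50.0.0/24 as the remote LAN); they are not the original poster's networks.

```python
"""Crypto-ACL matching for an L2L VPN: which traffic selector a packet hits,
and whether the two ends' selectors cover each other.
Added example; every address below is constructed, not from the thread."""
from ipaddress import ip_address, ip_network

# Constructed: the local side after re-addressing, four new /24s listed individually.
LOCAL_ACL_TEXT = [
    ("192.168.32.0/24", "10.50.0.0/24"),
    ("192.168.33.0/24", "10.50.0.0/24"),
    ("192.168.34.0/24", "10.50.0.0/24"),
    ("192.168.35.0/24", "10.50.0.0/24"),
]

# Constructed: the remote side, written as one /22 summary mirroring the four /24s.
REMOTE_ACL_TEXT = [
    ("10.50.0.0/24", "192.168.32.0/22"),
]


def parse_acl(entries):
    """Turn ("src/len", "dst/len") string pairs into network objects."""
    return [(ip_network(src), ip_network(dst)) for src, dst in entries]


LOCAL_ACL = parse_acl(LOCAL_ACL_TEXT)
REMOTE_ACL = parse_acl(REMOTE_ACL_TEXT)


def match(acl, src, dst):
    """Return the first (src_net, dst_net) selector a packet src->dst hits, or None.

    Only the two addresses are compared against each selector; the packet
    itself carries no subnet mask, so a host in 192.168.33.0/24 matches a /22
    selector just as well as a /24 one.
    """
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return (str(src_net), str(dst_net))
    return None


def uncovered(acl, peer_acl):
    """Selectors in acl whose mirror image (dst->src) is not contained in
    any selector of peer_acl. An empty list means every selector on this
    side is covered by the other side."""
    gaps = []
    for src_net, dst_net in acl:
        covered = any(
            dst_net.subnet_of(p_src) and src_net.subnet_of(p_dst)
            for p_src, p_dst in peer_acl
        )
        if not covered:
            gaps.append((str(src_net), str(dst_net)))
    return gaps


if __name__ == "__main__":
    # A host on one of the new subnets talking to the remote LAN, seen from each end.
    print("local  hit:", match(LOCAL_ACL, "192.168.33.10", "10.50.0.5"))
    print("remote hit:", match(REMOTE_ACL, "10.50.0.5", "192.168.33.10"))
    # A host outside the four /24s hits nothing on the local side.
    print("outside    :", match(LOCAL_ACL, "192.168.36.1", "10.50.0.5"))
    print("local gaps :", uncovered(LOCAL_ACL, REMOTE_ACL))
    print("remote gaps:", uncovered(REMOTE_ACL, LOCAL_ACL))
```

Run as-is, every packet from the four /24s hits a selector on both ends, which is the reply's point. The coverage check is the extra thing worth reading: the local /24 selectors are all inside the remote /22, but the remote's single /22 selector has no single counterpart among the local /24s, so the output differs depending on which side you ask. Replace the constructed networks with the sanitised ACLs from both devices and the same two functions show whether a given source/destination pair is selected on each end.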



