Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
363
Views
0
Helpful
1
Replies

VPN with similar networks at either end - not working.

davestalker
Level 1
Level 1

‎10-13-2008 01:04 AM - edited ‎02-21-2020 03:59 PM

hi, i wonder if this will ring any bells to anyone.

i'm trying to set up a site to site vpn between a pix 501 and an asa 5505. the network on the asa side is 10.10.3.0 and the network at the pix end is 10.10.10.0.

from what i can see the tunnel comes up ok yet when i try to ping from the pix to 10.10.3.1 i see packets encapsulating but not decapsulating and doing a sh access-list shows the hitcount rising.

strangely enough if i change the 10.10.10.0 network to something entirely different like 192.168.101.0 and configure it up that way it all works perfectly.

unfortunately the networks must be what they are so i can't change that.

been beating my head against this for 5 days now and at my wits end so any light anybody can shed on this will be most gratefully received!

many thanks in advance... dave

Labels:
0 Helpful
1 Reply 1

andrew.prince
Level 10
Level 10

‎10-14-2008 12:58 AM

Dave,

If you can see the counters rising on the encapsulatiing, but not decapsulating - the issue is at the remote end.

I would check the following at both ends:-

1) Interesting traffic cryp[to map acl

2) no-nat acl

3) Static routes

HTH>

0 Helpful
Customers Also Viewed These Support Documents