singhsaju Mon, 10/20/2008 - 07:33
User Badges:
  • Silver, 250 points or more

Post configs of both routers.That will clarify routing info and the VPN networks.


From the config lines from the attachment .


There is " deny " statement in the access list bound to interfaces on both routers for network 192.0.0.0/8 .Check if this is not blocking the ping.


HTH

Saju

Pls rate helpful posts

singhsaju Mon, 10/20/2008 - 08:39
User Badges:
  • Silver, 250 points or more

yes include 192.0.0.0/8 subnet to the Crypto ACL if you want to encrypt the traffic.



moses12315 Mon, 10/20/2008 - 09:04
User Badges:

Yes lets say i do not want to encrypt the 192.0.0.0/8 traffic. Lets say that i want to deny that traffic. Why is not working with the access list? Does match address of the crypto map interferes with the access list on the interface.

Thanks

Moses

singhsaju Mon, 10/20/2008 - 10:23
User Badges:
  • Silver, 250 points or more

Hi Moses,


Since you did not specify 192. network in the Crypto ACL so it will will never go into tunnel(or it will not be encrypted)


I think your ping to 192 network is blocked by the outbound access-list on Router A


try removing it and then test


interface Serial1/3.6 point-to-point

description RouterA

no ip access-group AList out



Extended IP access list AList

10 deny ip 192.0.0.0 0.255.255.255 any =========> this is blocking your ping packets(30 matches)

11 deny ip host 10.9.9.12 any

20 permit ip any any (4576 matches)



HTH

Saju


Actions

This Discussion