singhsaju Mon, 10/20/2008 - 07:33

Post configs of both routers.That will clarify routing info and the VPN networks.

From the config lines from the attachment .

There is " deny " statement in the access list bound to interfaces on both routers for network .Check if this is not blocking the ping.



Pls rate helpful posts

singhsaju Mon, 10/20/2008 - 08:39

yes include subnet to the Crypto ACL if you want to encrypt the traffic.

moses12315 Mon, 10/20/2008 - 09:04

Yes lets say i do not want to encrypt the traffic. Lets say that i want to deny that traffic. Why is not working with the access list? Does match address of the crypto map interferes with the access list on the interface.



singhsaju Mon, 10/20/2008 - 10:23

Hi Moses,

Since you did not specify 192. network in the Crypto ACL so it will will never go into tunnel(or it will not be encrypted)

I think your ping to 192 network is blocked by the outbound access-list on Router A

try removing it and then test

interface Serial1/3.6 point-to-point

description RouterA

no ip access-group AList out

Extended IP access list AList

10 deny ip any =========> this is blocking your ping packets(30 matches)

11 deny ip host any

20 permit ip any any (4576 matches)




This Discussion