VPN up but can't access remote network

Unanswered Question
Jan 21st, 2009
User Badges:

Hi everyone,

I have established a L2L VPN between my Cisco 851 and the remote sites Watchguard. The tunnel comes up fine. From the local side I can ping the remote host only if I set the source address of the packets to the routers vlan1 address. From the remote side I can ping the routers vlan1 address but I can't get pass the router to any of my local devices. I have been over and over my acl's for standard access, ipsec, and nat and all looks well. Anyone have any suggestions?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Yudong Wu Wed, 01/21/2009 - 14:41
User Badges:
  • Gold, 750 points or more

How about routing? Do all devices on 851 side know how to reach the Watchguard side via 851 router?

You can check encry/decry counter in "show crypto ipsec sa" to see which one is not incrementing.

1uptechologies Wed, 01/21/2009 - 15:04
User Badges:

Routing is the problem. I added a route to a windows computer and I was then able to ping the remote network. However, I attempted to add the route to the cisco 851 and it doesn't seem to make a difference. Any suggestions?

Yudong Wu Wed, 01/21/2009 - 15:08
User Badges:
  • Gold, 750 points or more

851 just need routes to its all local networks and the route to the remote network.

Can you post your config here and let me know which remote IP network you wound like to access?


This Discussion