Site-to-Site connection over Easy VPN

Unanswered Question
Apr 7th, 2010

Hi,


I have been using Easy VPN for a long time, but without split tunneling. Last Monday, I made a change in the Easy VPN connection and added split-tunnelling properties. I configured all my access successfully, except the site-to-site VPN tunnels. I added the other site's internal IP subnet and peer IPs, but still cannot reach it.

I want to reach the other site over Easy VPN, because I was able to reach it before the split tunnelling operation.


What should I check, or what else should I do?



Any help greatly appreciated..


Regards.

Federico Coto F... Wed, 04/07/2010 - 06:36

Hi,


EzVPN could cause problems with split tunneling if in client mode.

Do you have EzVPN in network or client mode?


To check the Site-to-Site problem can you post the configs?


Federico.

serdar.karahano... Wed, 04/07/2010 - 06:52

Sorry, but I don't have any opportunity to use EzVPN, because the site-to-site VPN connection links our company to another company. The other company uses Checkpoint for its firewall. That's why I cannot use EzVPN tech for this situation.


But I thought that if I added the other company's internal network subnet to the split tunnel IPs, it would go over the site-to-site tunnel. But it did not.

So I added more, like the peer IP of the other company, but it is still not working.


I don't want to change my site-to-site configuration because of the other company's approach to IT problems.


Thanks.

Federico Coto F... Wed, 04/07/2010 - 08:25

Sure, it should work with no problems.


Could you post the configuration from your side?


Federico.

Federico Coto F... Tue, 04/13/2010 - 12:39

Ok,


The Site-to-Site tunnel should be established from the PIX to IP A.B.17.252.

The interesting traffic is the traffic defined in access-list outside_cryptomap_20_1 (from any source to 192.168.5.0/24)


If 192.168.5.0/24 is indeed the network that you're trying to reach, then you should add this statement:


access-list inside_nat0_outbound permit ip any 192.168.5.0 255.255.255.0


This command:

route inside 192.168.5.0 255.255.255.0 172.16.0.2 1

Is sending traffic to 192.168.5.0/24 to the inside, which is incorrect if that's the other site's subnet.


Federico.
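
The two checks from the reply above (NAT exemption for the crypto ACL destination, and no inside route covering the remote subnet), as an added example that is not part of the original thread. The sample config is constructed; the crypto map name `outside_map` and the 10.10.10.0/24 entry are assumptions.

```python
import ipaddress
import re

# Constructed sample config (not the poster's). ACL names and the remote
# subnet follow the thread; outside_map and 10.10.10.0/24 are assumed.
SAMPLE_CONFIG = """\
access-list inside_nat0_outbound permit ip any 10.10.10.0 255.255.255.0
access-list outside_cryptomap_20_1 permit ip any 192.168.5.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
route inside 192.168.5.0 255.255.255.0 172.16.0.2 1
crypto map outside_map 20 match address outside_cryptomap_20_1
"""

def _take(tok):
    """Consume one ACL address spec (any | host X | net mask)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def acl_destinations(config):
    """Map each ACL name to the destination networks of its 'permit ip' entries."""
    acls = {}
    for line in config.splitlines():
        m = re.match(r"access-list (\S+) (?:extended )?permit ip (.+)", line.strip())
        if m:
            _, rest = _take(m.group(2).split())   # skip the source
            dst, _ = _take(rest)                  # keep the destination
            acls.setdefault(m.group(1), []).append(dst)
    return acls

def audit(config):
    """Flag crypto-ACL destinations lacking nat0 exemption or routed to inside."""
    acls = acl_destinations(config)
    crypto = re.findall(r"crypto map \S+ \d+ match address (\S+)", config)
    nat0 = re.findall(r"nat \(inside\) 0 access-list (\S+)", config)
    routes = [ipaddress.ip_network(f"{n}/{m}")
              for n, m in re.findall(r"route inside (\S+) (\S+) \S+", config)]
    exempt = [d for name in nat0 for d in acls.get(name, [])]
    findings = []
    for name in crypto:
        for dst in acls.get(name, []):
            if not any(dst.subnet_of(e) for e in exempt):
                findings.append(f"no NAT exemption for {dst} ({name})")
            for r in routes:
                if r.overlaps(dst):
                    findings.append(f"route inside {r} sends {dst} away from the tunnel")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports both problems named in the reply; the list is empty once the nat0 entry is added and the inside route is removed.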
