04-07-2010 06:27 AM
Hi ,
I have been using easy VPN for a long time, but without split tunneling. Last Monday, I made a change in Easy VPN connection and add split-tunnelling properties. I configured all my access succesfully, but site-to-site VPN tunnels. I added other site internel IP subnet and peer IPs, but still cannot reach.
I want to reach other site over Easy VPN, because I was able to reach before split tunnelling operation.
What should I check , or what else will I do ?
Any help greatly appreciated..
Regards.
04-07-2010 06:36 AM
Hi,
EzVPN could cause problems with split tunneling if in client mode.
Do you have EzVPN in network or client mode?
To check the Site-to-Site problem can you post the configs?
Federico.
04-07-2010 06:52 AM
Sorry, But I dont have any oppurtunity about using EzVPN , because site-to-site VPN connection links our company to another company. The other company uses Checkpoint for firewall. That's why I cannot use EzVPN tech for this situation.
But I thought that If I added the other company's internal network subnet to split tunnel IPs , It went over the site-to-site tunnel.But it did not.
So I added more like peer IP of other company but it is not still working.
I dont want to change my site-to-site configuration because of other company's approach of IT problem.
Thanks.
04-07-2010 08:25 AM
Sure, it should work with no problems.
Could you post the configuration from your side?
Federico.
04-07-2010 12:51 PM
04-13-2010 12:39 PM
Ok,
The Site-to-Site tunnel should be established from the PIX to IP A.B.17.252.
The interesting traffic is the traffic defined in access-list outside_cryptomap_20_1 (from any source to 192.168.5.0/24)
If 192.168.5.0/24 is indeed the network that you're trying to reach, then you should add this statement:
access-list inside_nat0_outbound permit ip any 192.168.5.0 255.255.255.0
This command:
route inside 192.168.5.0 255.255.255.0 172.16.0.2 1
Is sending traffic to 192.168.5.0/24 to the inside, which is incorrect if that's the other site's subnet.
Federico.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: