VPN site to site doesn't work?

rechard_hk
Level 1

Dear All,

Please help me verify the configuration in the attached file.

I set up a site-to-site VPN; with my configuration the tunnel is already up, but IPsec is not working.

So the HQ client cannot ping the Branch client (I mean it cannot access anything).

Could you help verify this?

Best Regards,

Rechard

4 Replies

Omid Almasieh
Level 1

Hi rechard,

If everything seems OK to you, then maybe the problem exists because of IP NAT; try the configuration without IP NAT.

Jennifer Halim
Cisco Employee

1) Crypto ACL (ACL 176) is incorrect on both routers.

On HQ, it should be as follows:

access-list 176 permit ip 192.168.51.0 0.0.0.255 192.168.50.0 0.0.0.255

On Branch, it should be as follows:

access-list 176 permit ip 192.168.50.0 0.0.0.255 192.168.51.0 0.0.0.255

2) Further to that, the NAT ACL (ACL 175) is also incorrect.

On HQ, it should be as follows:

access-list 175 deny   ip 192.168.51.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 175 permit ip 192.168.51.0 0.0.0.255 any

On Branch, it should be as follows:

access-list 175 deny   ip 192.168.50.0 0.0.0.255 192.168.51.0 0.0.0.255
access-list 175 permit ip 192.168.50.0 0.0.0.255 any

Hope that helps.
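
The two checks from the reply above (the crypto ACLs must mirror each other across the peers, and the NAT ACL must deny tunnel traffic before its permit), as an added example that is not part of the original thread. The function names are hypothetical, the parser assumes contiguous wildcard masks, and BRANCH_BROKEN is a constructed misconfiguration, not the poster's attached file.

```python
import ipaddress

def _take(tok):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # Assumption: contiguous wildcard mask, e.g. 0.0.0.255 -> /24
    prefix = 32 - int(ipaddress.IPv4Address(tok[1])).bit_length()
    return ipaddress.ip_network(f"{tok[0]}/{prefix}", strict=False), tok[2:]

def parse_acl(config, number):
    """Ordered [(action, src, dst)] for 'access-list <number> <action> ip ...'."""
    entries = []
    for line in config.splitlines():
        t = line.split()
        if len(t) > 5 and t[:2] == ["access-list", str(number)] and t[3] == "ip":
            src, rest = _take(t[4:])
            dst, _ = _take(rest)
            entries.append((t[2], src, dst))
    return entries

def crypto_acls_mirror(local, remote):
    """True when each side's crypto ACL is the other's with src/dst swapped."""
    return set(local) == {(a, d, s) for a, s, d in remote}

def nat_exempts_tunnel(nat_acl, crypto_acl):
    """True when every crypto 'permit' flow first matches a 'deny' in the NAT ACL."""
    for action, src, dst in crypto_acl:
        if action != "permit":
            continue
        first = next((a for a, s, d in nat_acl
                      if src.subnet_of(s) and dst.subnet_of(d)), None)
        if first != "deny":
            return False  # tunnel traffic would be translated before encryption
    return True

# HQ and BRANCH are the ACLs given in the reply above.
HQ = """access-list 176 permit ip 192.168.51.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 175 deny   ip 192.168.51.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 175 permit ip 192.168.51.0 0.0.0.255 any"""
BRANCH = """access-list 176 permit ip 192.168.50.0 0.0.0.255 192.168.51.0 0.0.0.255
access-list 175 deny   ip 192.168.50.0 0.0.0.255 192.168.51.0 0.0.0.255
access-list 175 permit ip 192.168.50.0 0.0.0.255 any"""
# Constructed misconfiguration: crypto ACL not mirrored, no NAT exemption.
BRANCH_BROKEN = """access-list 176 permit ip 192.168.51.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 175 permit ip 192.168.50.0 0.0.0.255 any"""
```
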

Dear halijenn,

Thank you for your help!!!

Let me follow you!!!!

If it is still a problem, how can I fix it next?

Best Regards,

Rechard

Should work after the changes. If it still doesn't work, please re-post the latest configuration from both sides, and also the output of "show cry isa sa" and "show cry ipsec sa".
