05-09-2010 08:24 PM - edited 03-04-2019 08:25 AM
Dear All,
Please help me to verify configuration as in attach file.
i did VPN site to site, so my configuration the tunnel is up already but the IP sec it not working.
So from client HQ cannot ping to client Branch( i mean cannot access anything ).
Could you help to verify on this ?
Best Regards,
Rechard
05-09-2010 10:20 PM
Hi rechard,
If everything seems ok for u then May be the problem exists because of IP NAT,try the configuration without IP NAT
05-09-2010 11:27 PM
1) Crypto ACL (ACL 176) is incorrect on both routers.
On HQ, it should be as follows:
access-list 176 permit ip 192.168.51.0 0.0.0.255 192.168.50.0 0.0.0.255
On Branch, it should be as follows:
access-list 176 permit ip 192.168.50.0 0.0.0.255 192.168.51.0 0.0.0.255
2) Further to that, the NAT ACL (ACL 175) is also incorrect.
On HQ, it should be as follows:
access-list 175 deny ip 192.168.51.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 175 permit ip 192.168.51.0 0.0.0.255 any
On Branch, it should be as follows:
access-list 175 deny ip 192.168.50.0 0.0.0.255 192.168.51.0 0.0.0.255
access-list 175 permit ip 192.168.50.0 0.0.0.255 any
Hope that helps.
05-10-2010 07:37 PM
Dear halijenn,
thanks you for your help!!!
Let me follow you!!!!
when i it still problem, how can i fix next?
Best Regards,
Rechard
05-10-2010 08:17 PM
Should work after the changes. If it still doesn't work, please re-post the latest configuration from both sides, and also the output of "show cry isa sa" and "
show cry ipsec sa".
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide