VPN: some subnets work, others don't

phamthecong
Level 1

Hi All,

We have a site-to-site VPN (PIX <-> Cisco 7200). 1 local network and 4 remote subnets are in the ACLs. The VPN works fine with 2 remote subnets but does not work for the other 2.

"Work" means we can send traffic from local to remote site.

"Not work" means we cannot send traffic from local to remote. We don't see an IPSEC SA when we run show crypto ipsec sa.

Could someone help, please?

Regards,

Tao

3 Replies

andrew.prince
Level 10

Check your interesting traffic ACL and your NAT & no-nat ACLs to make sure they all match.

HTH

Hi Andrew,

We have checked the ACLs many times; they are identical but with source and destination reversed. We use static NAT one-to-one, and they are correct.

Do you have any ideas?

Thanks,

Tao

If you NAT before you encrypt - you need to make sure you are not natting again after, before encryption.

Post your config for review - remove sensitive information.
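
An added example, not part of the thread and not any poster's configuration: a Python check that the crypto ACL on a PIX and the one on an IOS router are exact mirrors, accounting for the PIX using subnet masks and IOS using wildcard masks. The ACL names, numbers and addresses are constructed, and only the `permit ip <net> <mask> <net> <mask>` form is parsed. An entry without an exact mirror on the peer is a common reason no IPsec SA forms for that subnet.

```python
import ipaddress
import re

# Constructed sample ACLs (not the poster's config). PIX uses subnet masks,
# IOS uses wildcard masks.
PIX_ACL = """\
access-list VPN permit ip 10.1.0.0 255.255.0.0 172.16.1.0 255.255.255.0
access-list VPN permit ip 10.1.0.0 255.255.0.0 172.16.2.0 255.255.255.0
access-list VPN permit ip 10.1.0.0 255.255.0.0 172.16.3.0 255.255.255.0
access-list VPN permit ip 10.1.0.0 255.255.0.0 172.16.4.0 255.255.255.0
"""
IOS_ACL = """\
access-list 110 permit ip 172.16.1.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 172.16.2.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 172.16.3.0 0.0.0.127 10.1.0.0 0.0.255.255
"""

ENTRY = re.compile(r"access-list\s+\S+\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")


def to_network(addr, mask, wildcard):
    """Build a network from an address plus a subnet mask or IOS wildcard mask."""
    if wildcard:
        mask = str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse(config, wildcard):
    """Return the set of (source, destination) networks in the permit entries."""
    return {
        (to_network(s, sm, wildcard), to_network(d, dm, wildcard))
        for s, sm, d, dm in ENTRY.findall(config)
    }


def unmatched(pix_config, ios_config):
    """Return entries lacking an exact mirror, both seen as (PIX local, PIX remote)."""
    pix = parse(pix_config, wildcard=False)
    ios_mirrored = {(dst, src) for src, dst in parse(ios_config, wildcard=True)}
    return sorted(pix - ios_mirrored), sorted(ios_mirrored - pix)


if __name__ == "__main__":
    pix_only, ios_only = unmatched(PIX_ACL, IOS_ACL)
    for local, remote in pix_only:
        print(f"PIX only: {local} -> {remote}")
    for local, remote in ios_only:
        print(f"IOS only (mirrored): {local} -> {remote}")
```

The same comparison applies to the no-nat ACLs on each side, since they must cover the same subnet pairs as the crypto ACL.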
