06-14-2010 04:46 AM
Hi All,
We have a site-to-site VPN (PIX <-> Cisco 7200). 1 local network and 4 remote subnets are in the ACLs. The VPN works fine with 2 remote subnets but does not work for the other 2.
"Work" means we can send traffic from the local to the remote site.
"Not work" means we cannot send traffic from local to remote. We don't see an IPsec SA in the output of show crypto ipsec sa.
Could someone help, please?
Regards,
Tao
06-14-2010 05:23 AM
Check your interesting traffic ACL and your NAT & no-NAT ACLs to make sure they all match.
HTH
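The mirror check suggested in the reply above can be automated; the following is an added example, not part of the original thread or either poster's configuration. The ACL lines and addresses are constructed samples, and the parser assumes only the `permit ip <addr> <mask> <addr> <mask>` form, with subnet masks on the PIX side and wildcard masks on the IOS side.

```python
import ipaddress

def _net(addr, mask, wildcard):
    # IOS ACLs use wildcard (inverse) masks; PIX ACLs use subnet masks.
    if wildcard:
        inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
        mask = str(ipaddress.IPv4Address(inverted))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_acl(text, wildcard):
    """Return {(src_net, dst_net)} for every 'permit ip A M B M' entry."""
    pairs = set()
    for line in text.splitlines():
        tok = line.split()
        if "permit" not in tok:
            continue
        rest = tok[tok.index("permit") + 1:]
        if len(rest) != 5 or rest[0] != "ip":
            continue  # host/any/port forms are outside this example's scope
        pairs.add((_net(rest[1], rest[2], wildcard),
                   _net(rest[3], rest[4], wildcard)))
    return pairs

def mirror_mismatches(pix_text, ios_text):
    """Compare from the PIX point of view: (PIX-only, IOS-only) entries."""
    pix = parse_acl(pix_text, wildcard=False)
    ios = {(dst, src) for src, dst in parse_acl(ios_text, wildcard=True)}
    fmt = lambda pairs: sorted(f"{s} -> {d}" for s, d in pairs)
    return fmt(pix - ios), fmt(ios - pix)

# Constructed sample ACLs (hypothetical addresses and ACL names).
PIX_ACL = """\
access-list VPN permit ip 10.1.0.0 255.255.255.0 10.2.1.0 255.255.255.0
access-list VPN permit ip 10.1.0.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list VPN permit ip 10.1.0.0 255.255.255.0 10.2.3.0 255.255.255.0
access-list VPN permit ip 10.1.0.0 255.255.255.0 10.2.4.0 255.255.255.0
"""
IOS_ACL = """\
access-list 101 permit ip 10.2.1.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 101 permit ip 10.2.3.0 0.0.0.127 10.1.0.0 0.0.0.255
access-list 101 permit ip 10.2.4.0 0.0.0.255 10.1.1.0 0.0.0.255
"""

if __name__ == "__main__":
    only_pix, only_ios = mirror_mismatches(PIX_ACL, IOS_ACL)
    print("No mirror on IOS side:", only_pix)
    print("No mirror on PIX side:", only_ios)
```

In the constructed sample two of the four subnets mirror cleanly, while the other two differ only in a mask or a source network, the kind of mismatch that is easy to miss when reading the two ACLs by eye.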
06-14-2010 06:54 AM
Hi Andrew,
We have checked the ACLs many times; they are identical but with source and destination reversed. We use static NAT one-to-one, and they are correct.
Do you have any ideas?
Thanks,
Tao
06-14-2010 06:57 AM
If you NAT before you encrypt - you need to make sure you are not natting again after, before encryption.
Post your config for review - remove sensitive information.