
VPN lan-to-lan Routing

Unanswered Question
Jan 6th, 2006

I have an IPsec tunnel created between an 1841 and an 871. I have vlan1 as 10.1.5.1 on the 871 and 10.1.4, 10.1.3, and 10.1.2 on the 1841. I cannot ping from each router to any destination LAN IP. I do not know how to add a static route to make these work. Can anyone advise?



Overall Rating: 5 (1 ratings)
stierb Fri, 01/06/2006 - 15:59

From what I can tell, your 10.1.x.x networks are not in the encryption domain for your IPSec tunnel. So, the packet will follow the default routes in place already (x.x.x.237 on the 1841 and x.x.x.33 on the 871) unencrypted. If your intent is to connect these privately addressed networks over the internet or WAN you can't control routing for, you'll need to add those networks to the encryption domain. After that, they'll follow the default route already in place, however they will be encrypted and passed to the other IPSEC tunnel endpoint. Same for the reverse path. For pings, you'll also need to add to the encryption domain ICMP from / to your public IP address and/or use an extended ping to source from your 10.1.x.x interface. After you get the encryption domain specified properly, you should be OK, providing your tunnel sets up right.
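
The encryption-domain change described in the reply above, sketched as an added example that is not part of the original thread or either poster's configuration. The /24 masks, the ACL names, the crypto map name `VPNMAP` with sequence 10, and the test host 10.1.2.1 are assumptions; substitute the names already present in the running configs.

```cisco
! --- 871 (vlan1 = 10.1.5.1) -------------------------------------------
! Crypto ACL: local LAN -> each remote LAN. Masks are assumed to be /24.
ip access-list extended VPN-TO-1841
 permit ip 10.1.5.0 0.0.0.255 10.1.2.0 0.0.0.255
 permit ip 10.1.5.0 0.0.0.255 10.1.3.0 0.0.0.255
 permit ip 10.1.5.0 0.0.0.255 10.1.4.0 0.0.0.255
!
! Attach the ACL to the existing crypto map entry (name/sequence assumed).
crypto map VPNMAP 10 ipsec-isakmp
 match address VPN-TO-1841
!
! --- 1841 (10.1.2.x, 10.1.3.x, 10.1.4.x) ------------------------------
! Must be the exact mirror image of the 871 ACL (source and destination
! swapped), otherwise the peers will not agree on the proxy identities.
ip access-list extended VPN-TO-871
 permit ip 10.1.2.0 0.0.0.255 10.1.5.0 0.0.0.255
 permit ip 10.1.3.0 0.0.0.255 10.1.5.0 0.0.0.255
 permit ip 10.1.4.0 0.0.0.255 10.1.5.0 0.0.0.255
!
crypto map VPNMAP 10 ipsec-isakmp
 match address VPN-TO-871
!
! --- Verification, run from the 871 -----------------------------------
! Source the ping from the LAN interface so the packet matches the ACL;
! a ping sourced from the outside interface follows the default route
! unencrypted, as the reply explains. 10.1.2.1 is an assumed test host.
ping 10.1.2.1 source Vlan1
!
! Confirm the local/remote ident lines show the 10.1.x.x networks and
! that the "pkts encaps" / "pkts decaps" counters increase.
show crypto ipsec sa
```

No static route is needed for this: traffic matching the crypto ACL still follows the existing default route, but is encrypted on the way out of the interface the crypto map is applied to.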
