Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
257
Views
5
Helpful
1
Replies

VPN lan-to-lan Routing

networksavvy
Level 1
Level 1

‎01-06-2006 11:05 AM - edited ‎03-03-2019 11:23 AM

I have an ipsec tunnel created between a 1841 and 871. I have vlan1 as 10.1.5.1 on the 871 and 10.1.4,10.1.3, and 10.1.2 on the 1841. I cannot ping from each router to any destination lan ip. I do not know how to add a static route to make these work. Can anyone advise?

Labels:
Preview file
6 KB
Preview file
4 KB
0 Helpful
1 Reply 1

stierb
Level 1
Level 1

‎01-06-2006 03:59 PM

From what I can tell, your 10.1.x.x networks are not in the encryption domain for your IPSec tunnel. So, the packet will follow the default routes in place already (x.x.x.237 on the 1841 and x.x.x.33 on the 871) unencrypted. If your intent is to connect these privately addressed networks over the internet or WAN you can't control routing for, you'll need to add those networks to the encryption domain. After that, they'll follow the default route already in place, however they will be encrypted and passed to the other IPSEC tunnel endpoint. Same for the reverse path. For pings, you'll also need to add to the encryption domain ICMP from / to your public IP address and/or use an extended ping to source from your 10.1.x.x interface. After you get the encryption domain specified properly, you should be OK, providing your tunnel sets up right.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card