
New Member

VPN -- Point to Point Connection Routing.

The VPN is up and running between Site C and Site A. No problem there.

I can ping 10.2.24.1 from Site A P2P Router.

But I cannot ping from Site B P2P Router. The ping times out.

I have the following routes on 3 routers,

Site A P2P Router: ip route 10.2.24.0 255.255.255.0 172.16.5.3

Site B P2P Router:  ip route 10.2.24.0 255.255.255.0 172.16.5.3

Site B Router Gateway:  ip route 10.2.24.0 255.255.255.0 172.16.5.3

When I start a ping from the 172.20.3.0/24 network, Site C sees the ping coming from the 172.20.3.0 network and sends out a reply. But I never get a reply and I get a request timed out.

My task is that I should be able to ping Site C from any machine at Site B.

9 REPLIES

VPN -- Point to Point Connection Routing.

Your next hops should be 1 away unless you are running a dynamic routing protocol.

Change:-

Site B P2P Router:  ip route 10.2.24.0 255.255.255.0 172.16.5.3 change to

ip route 10.2.24.0 255.255.255.0 172.16.1.5

Site B Router Gateway:  ip route 10.2.24.0 255.255.255.0 172.16.5.3 change to

ip route 10.2.24.0 255.255.255.0 172.20.3.2

And ensure the correct IP subnets are part of the interesting traffic acl and the no-nat acl.

HTH
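The next-hop rule from the reply above, as an added example that is not part of the original thread: it checks whether each static route's next hop sits on a subnet directly connected to the router. The route statements are the ones quoted in the thread; the interface addresses and /24 masks are constructed assumptions, since the thread does not give them.

```python
import ipaddress

def parse_ip_route(line):
    """Parse 'ip route <prefix> <mask> <next-hop>' into (network, next_hop)."""
    parts = line.split()
    if len(parts) != 5 or parts[:2] != ["ip", "route"]:
        raise ValueError(f"unsupported route statement: {line!r}")
    network = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
    return network, ipaddress.ip_address(parts[4])

def next_hop_segment(route_line, interfaces):
    """Return the connected subnet that holds the next hop, or None if not adjacent."""
    _, next_hop = parse_ip_route(route_line)
    for iface in interfaces:
        subnet = ipaddress.ip_interface(iface).network
        if next_hop in subnet:
            return subnet
    # Not adjacent: the router would need another route to reach this next hop.
    return None

def audit(devices):
    """Map device name -> list of (route statement, connected subnet or None)."""
    return {
        name: [(r, next_hop_segment(r, dev["interfaces"])) for r in dev["routes"]]
        for name, dev in devices.items()
    }

# Routes are quoted from the thread (original, then suggested replacement).
# Interface addresses and masks are constructed for illustration only.
SITE_B = {
    "Site B P2P Router": {
        "interfaces": ["172.16.1.6/24", "172.20.3.2/24"],
        "routes": ["ip route 10.2.24.0 255.255.255.0 172.16.5.3",
                   "ip route 10.2.24.0 255.255.255.0 172.16.1.5"],
    },
    "Site B Router Gateway": {
        "interfaces": ["172.20.3.1/24"],
        "routes": ["ip route 10.2.24.0 255.255.255.0 172.16.5.3",
                   "ip route 10.2.24.0 255.255.255.0 172.20.3.2"],
    },
}

if __name__ == "__main__":
    for device, results in audit(SITE_B).items():
        for route, subnet in results:
            verdict = f"next hop on connected {subnet}" if subnet else "next hop NOT adjacent"
            print(f"{device}: {route} -> {verdict}")
```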

New Member

VPN -- Point to Point Connection Routing.

I changed the routes to what you suggested, but it's still the same. The ping to the Site C network times out if I do it from a Site B machine.

Any other suggestion?

VPN -- Point to Point Connection Routing.

Post the output from a traceroute from the Site B machine. And check to make sure the Site B IP subnet is on the list of interesting traffic for the VPN, and it is not being double NATted.

New Member

VPN -- Point to Point Connection Routing.

I cannot do a traceroute because the guy who manages Site C has disabled tracerouting. When I ping Site C from Site B, Site C does see that the packet is coming from Site B and sends out a reply. But I receive a 'request timed out' on Site B. So it seems like the packet gets dropped between Site A P2P router and Site B P2P router.

VPN -- Point to Point Connection Routing.

How is that possible - if someone else manages site C, how can you see site C respond?  What firewalls terminate the VPN?

New Member

VPN -- Point to Point Connection Routing.

He said to me that he can see traffic coming from Site B. Both firewalls at Site A and Site C are Cisco ASAs.

VPN -- Point to Point Connection Routing.

Something does not sound right.

Post the output from the command "show crypto ipsec sa" from both devices, and "show access-list" from both devices.

New Member

VPN -- Point to Point Connection Routing.

Andrew,

Found the issue. I was missing a route on Firewall Site A to send Site B traffic via the Core Switch at Site A. The Core Switch does the routing. After adding that, everything started working.

Thanks for your help!!!

Pratik

Re: VPN -- Point to Point Connection Routing.

good news

Sent from Cisco Technical Support iPad App
