Cisco Support Community

New Member

3005 L2L issue

Hi

I have set up an L2L tunnel on a 3005; Phase 1 and 2 are good.

On my end I have a network list of hosts that should be accessible to the far end.

On the far end I have one Host that should be able to access the devices in my network list.

From my end I can ping the far end.

From the far end they cannot ping my hosts. On the concentrator at my end I get the following message in the log:

Tunnel rejected: Policy not found for Src:192.168.220.10, Dst: 10.0.0.0!

Anyone any ideas?

1 ACCEPTED SOLUTION

Cisco Employee

Re: 3005 L2L issue

Your local and remote network/host lists on either end have to be the EXACT opposite of each other. The concentrator is receiving a tunnel request from the far end for traffic from 192.168.220.10 to 10.0.0.0, but the concentrator doesn't have that explicitly defined, and so it rejects the tunnel.

Always make sure the two ends have the opposite (and I mean exactly the opposite) traffic defined to be encrypted, otherwise you'll get errors like this.
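
The mirror-image rule from the accepted answer, as an added example that is not part of the original thread and not Cisco tooling: a Python check that two peers' local/remote network lists are exact opposites. The host addresses and masks in the sample lists are constructed for illustration; the thread itself only gives Src 192.168.220.10 and Dst 10.0.0.0.

```python
import ipaddress


def parse(entries):
    # strict=True rejects entries with host bits set (e.g. 10.0.0.5/24),
    # a common typo that also breaks an exact match between peers.
    return {ipaddress.ip_network(e, strict=True) for e in entries}


def describe(owner, side, net, peer, peer_side, peer_nets):
    # Distinguish "covered by a wider/narrower entry" from "missing entirely":
    # both fail, because the lists must be identical, not merely overlapping.
    overlaps = sorted(str(p) for p in peer_nets if p.overlaps(net))
    if overlaps:
        return (f"{owner} {side} {net} overlaps but is not identical to "
                f"{peer} {peer_side} {', '.join(overlaps)}")
    return f"{owner} {side} {net} has no counterpart in {peer} {peer_side}"


def mirror_mismatches(end_a, end_b, name_a="concentrator", name_b="far end"):
    """Return findings; an empty list means the two ends are exact mirrors."""
    findings = []
    for a_side, b_side in (("local", "remote"), ("remote", "local")):
        a_nets, b_nets = parse(end_a[a_side]), parse(end_b[b_side])
        for net in sorted(a_nets - b_nets, key=str):
            findings.append(describe(name_a, a_side, net, name_b, b_side, b_nets))
        for net in sorted(b_nets - a_nets, key=str):
            findings.append(describe(name_b, b_side, net, name_a, a_side, a_nets))
    return findings


# Constructed sample: the concentrator lists individual hosts, while the far
# end asks for the whole subnet, so the request matches no defined policy.
CONCENTRATOR = {"local": ["10.0.0.5/32", "10.0.0.6/32"],
                "remote": ["192.168.220.10/32"]}
FAR_END = {"local": ["192.168.220.10/32"],
           "remote": ["10.0.0.0/24"]}
# Constructed fix: the far end's remote list mirrors the concentrator's local list.
FAR_END_FIXED = {"local": ["192.168.220.10/32"],
                 "remote": ["10.0.0.5/32", "10.0.0.6/32"]}

if __name__ == "__main__":
    for line in mirror_mismatches(CONCENTRATOR, FAR_END):
        print("MISMATCH:", line)
    print("after fix:", mirror_mismatches(CONCENTRATOR, FAR_END_FIXED) or "exact mirror")
```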
