Cisco IPSEC LAN-LAN tunnel.. I need two IP subnets to be encrypted through
I have a really annoying problem... I have two sites,
Site 1 (HQ) = Cisco 2950 (data + voice VLAN) and a 1701 (routes between VLANs using FastEthernet sub-interfaces. Also for ADSL internet access, VPN)
Site 2 (Homeworker) = Cisco 1701 for internet, VPN connected to unmanaged switch -> PC & IP phone.
We have an IP-enabled PABX at our HQ and an IP handset for the above homeworker (site 2). I have configured an IPSEC LAN-LAN VPN between the two 1701s and it works perfectly for the data VLAN (188.8.131.52/24 to 192.168.93.0/24). But when I try to add the voice subnet to the cryptomap the traffic doesn't get encrypted!! (192.168.92.0/24 to 192.168.93.0/24) Any ideas? Have I missed anything?? If I do a sho crypto ipsec sa, I can see the voice subnet (192.168.92.0/24). But the 1701 routers are not encrypting/decrypting anything...
I have removed all security ACLs and IP inspects just in case.. But no joy..
The PABX definitely has the correct D/G as I can ping the internet from it... If I check my hits on my access lists I can see matches for 192.168.92.0/24 to 192.168.93.0/24 on ACL100 (NAT) and ACL120 (VPN interesting traffic)
I have posted my configs...
I really need to get this sorted asap... :-S
Thanks in advance for any help
Just did a debug from the HQ router.... definitely a problem somewhere... :(. Just can't see it on my config!!
I pinged from 192.168.92.253 (2950 switch) and got this...
I have replaced the public IPs for security purposes as in my configs above (184.108.40.206 and 220.127.116.11).
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.93.1, timeout is 2 seconds: