New Member

lan to lan nat question - concentrator 3005

I have set up a lan to lan vpn tunnel and it is established. However, I am unable to pass traffic. I believe it has to do with nat. When the remote side sends traffic it is sent from 192.168.168.1 to 172.20.14.1. I have set up the following lan-to-lan nat rule on my side:

Source Network: 192.168.15.0 wildcard mask 0.0.0.255 (192.168.15.0 is the inside of my 3005)

Translated Network: 172.20.14.0 wildcard mask 0.0.0.255

Remote Network: 192.168.1.0 wildcard mask 0.0.0.0 (192.168.1.0 is my lan)

My PIX logs the following:

2005-10-25 19:21:18 UTC Local7.Warning 192.168.1.2 %PIX-4-106023: Deny tcp src vpn:192.168.168.1/44226 dst outside:172.20.14.1/23 by access-group "vpn"

2005-10-25 19:21:18 UTC Local7.Info 192.168.1.2 %PIX-6-110001: No route to 192.168.168.1 from 172.20.14.1

What am I missing? Thanks for any assistance.

Jim
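The two PIX messages quoted in the post can be read together: 106023 reports a packet denied by an access-group, and 110001 reports that no route exists to a destination. The following is an added example, not part of the original thread, that parses both message types and groups them by address pair; the function names `parse` and `correlate` are hypothetical, and only the TCP/UDP form of 106023 is handled.

```python
import re
from collections import defaultdict

# The two syslog lines quoted in the post above.
SAMPLE = [
    '2005-10-25 19:21:18 UTC Local7.Warning 192.168.1.2 %PIX-4-106023: Deny tcp '
    'src vpn:192.168.168.1/44226 dst outside:172.20.14.1/23 by access-group "vpn"',
    '2005-10-25 19:21:18 UTC Local7.Info 192.168.1.2 %PIX-6-110001: '
    'No route to 192.168.168.1 from 172.20.14.1',
]

MSG = re.compile(r"%PIX-(\d)-(\d{6}): (.*)$")
# 106023: packet denied by an ACL (form with ports; the ICMP form is not handled).
DENY = re.compile(
    r'Deny (?P<proto>\S+) src (?P<src_if>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"')
# 110001: the firewall has no route to the destination address.
NO_ROUTE = re.compile(r"No route to (?P<to>[\d.]+) from (?P<frm>[\d.]+)")

def parse(line):
    """Return a dict for a 106023 or 110001 message, else None."""
    m = MSG.search(line)
    if not m:
        return None
    severity, msg_id, body = m.groups()
    pattern = {"106023": DENY, "110001": NO_ROUTE}.get(msg_id)
    fields = pattern.match(body) if pattern else None
    if not fields:
        return None
    return {"id": msg_id, "severity": int(severity), **fields.groupdict()}

def correlate(lines):
    """Group findings by (A, B): a deny is A->B, a no-route is 'to A from B'."""
    flows = defaultdict(lambda: {"acl_denies": [], "no_route": 0})
    for rec in filter(None, map(parse, lines)):
        if rec["id"] == "106023":
            flows[(rec["src"], rec["dst"])]["acl_denies"].append(
                (rec["acl"], rec["src_if"], rec["dst_if"], rec["proto"], int(rec["dport"])))
        else:
            flows[(rec["to"], rec["frm"])]["no_route"] += 1
    return dict(flows)

if __name__ == "__main__":
    for (a, b), f in correlate(SAMPLE).items():
        print(f"{a} -> {b}: ACL denies {f['acl_denies']}, "
              f"no-route messages for the return path: {f['no_route']}")
```

For the quoted lines, both messages land on the same address pair: the inbound packet is denied by access-group "vpn" on the vpn interface, and the firewall also reports no route back to 192.168.168.1.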

1 REPLY
Silver

Re: lan to lan nat question - concentrator 3005

The problem may be due to the following reasons.

Cannot establish a LAN-to-LAN VPN tunnel to a PIX Firewall due to an invalid local address. ...

In LAN-to-LAN VPN tunnel on router, packets exceeding 1500 maximum transmission units (MTU) are dropped. User cannot access a server across a LAN-to-LAN VPN tunnel and needs to bypass static translation for VPN traffic. LAN-to-LAN tunnel not established. The pre-shared keys don't match. Core issue: the pre-shared keys don't match.
