Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Lan to Lan VPN, traffic dont pass on tunnel

Hi,

I am tying to establish LAN to LAN VPN using two VPN concentrators with public IPs assigned.

Details-

Local range 192.168.1.0/24

Remote range 10.0.0.0/8

I have configures IKE, IPsec parameters, tunnel gets established. Also defined filter rule to define traffic to be encrypted on tunnel. Routing is also proper.

But the user traffic isn’t going on tunnel, not able to ping end devices.

Is NATing compulsory in this case?

Also, SA defined for filter rule is in transport mode. I tried both tunnel and transport mode.

One thing I observed is that, concentrator is forwarding user traffic to next hope/internet router but the IP header is the same, its with original IPs (private IPs, 192.xxx). The packet I am receiving on local internet router from local concentrator is with its original/private IP. Because of this router is not able to route, rather user traffic is not able to get on internet.

I guess in tunnel, all traffic should be carried under public IP of concentrator.

What is the problem in this?

Regards

1 REPLY

Re: Lan to Lan VPN, traffic dont pass on tunnel

Hello Kapish,

Is the site-to-site tunnel coming up? I guess this should be a problem with the VPN connection. If the crypto ACLs are defined properly, the packets will never pass through the VPN concentrator. NAT is not required here, as the end networks are seperate and not overlapping !!!!

Just look for the Event log to determine the problem. Select Monitoring -> Live Event log and see the error message !!!

Regards

Raj

104
Views
0
Helpful
1
Replies