I have a 3015 concentrator at HQS and a 3002 hardware client at site. We are using 188.8.131.52/16 at the concentrator private interface and 184.108.40.206/16 to the hardware client private side. I am running network extension mode on the hardware client. My tunnel comes up but I cannot ping anything at the HQS private side, which is 124.15.x.x/16. When I changed my address scheme at site to 123.x.x.x/16, I am able to ping HQS devices and browse the HQS intranet. It works with any address but 124.15.x.x/16. Any idea why I am not able to browse or ping anything at the HQS side if I use 124.15.x.x/16 or 24 or etc subnet at site? Thanks
When you use 220.127.116.11/16 and 18.104.22.168/16 on netblocks on ends of the same VPN tunnel, you are using the same IP netspace in both locations - 124.15.x.x/16. Nothing will travel through the tunnel because all machines will think that all hosts numbered 124.15.x.x/16 are on the local subnet/network, and thus never hit the VPN device.
Yes, but that doesn't matter. If you did not change anything on the HQ side, then all hosts there would continue to think that all hosts in the netblock are directly reachable, and thus those packets will not be sent to the default gateway:
22.214.171.124 is the default gateway. It has a route to the VPN device making the point-to-point IPsec tunnel.
126.96.36.199 is a server at HQ.
Even if you use 188.8.131.52/24 at the remote site, server 184.108.40.206 will think all hosts in that block are directly accessible as a result of *its* subnet mask being /16 (255.255.0.0), and thus will not send packets for them (220.127.116.11/24) to the default gateway.
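The forwarding decision described in the answers above, as an added example that is not part of the original thread: each host masks the destination with its own subnet mask and only hands the packet to its default gateway (and so to the VPN device) when the destination falls outside that network. All addresses are constructed within the 124.15.x.x/16 and 123.x.x.x/16 ranges the thread mentions, and the function names are hypothetical.

```python
import ipaddress

def next_hop(host_if, gateway, dst):
    """Where a host sends a packet for dst.

    host_if is the host's own 'address/prefix'. Returns 'on-link' when dst
    is inside the host's own network (the host ARPs for it locally and the
    gateway never sees the packet), otherwise the default gateway address.
    """
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(dst) in iface.network:
        return "on-link"
    return gateway

def check_tunnel(hq_host, hq_gw, site_host, site_gw):
    """Next hop in each direction between one HQ host and one site host."""
    hq_ip = str(ipaddress.ip_interface(hq_host).ip)
    site_ip = str(ipaddress.ip_interface(site_host).ip)
    return {
        "hq_to_site": next_hop(hq_host, hq_gw, site_ip),
        "site_to_hq": next_hop(site_host, site_gw, hq_ip),
    }

# Constructed sample addressing (not taken from the thread).
HQ_SERVER = "124.15.1.10/16"
HQ_GW = "124.15.0.1"

CASES = {
    # Same /16 on both ends: neither side ever uses its gateway.
    "site 124.15.x.x/16": ("124.15.200.5/16", "124.15.200.1"),
    # Site narrowed to /24: the site forwards, but the HQ server still
    # treats the site as local because of its own /16 mask.
    "site 124.15.200.x/24": ("124.15.200.5/24", "124.15.200.1"),
    # Non-overlapping site range: both directions reach a gateway.
    "site 123.10.x.x/16": ("123.10.0.5/16", "123.10.0.1"),
}

if __name__ == "__main__":
    for label, (site_host, site_gw) in CASES.items():
        print(label, check_tunnel(HQ_SERVER, HQ_GW, site_host, site_gw))
```

Traffic crosses the tunnel only when both directions resolve to a gateway, which in this sample happens only for the non-overlapping 123.10.x.x/16 case.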
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...