12-17-2002 05:10 AM - edited 03-09-2019 01:25 AM
I have an problem with the 3005 VPN concentrator when I try to establish a tunnel to an subneted network. When I choose the complete networks everything works fine, but when I do subnetting the tunnel doesn't start establishing.
e.g.:
This works:
permit ip 194.69.39.39 0.0.0.255 194.117.106.128 0.0.0.255
That doesn't work:
permit ip host 194.69.39.39 194.117.106.128 0.0.0.3
I want to connect to an IOS router and need to use subnetting.
Does anyone got an idea?
12-17-2002 09:13 AM
Hi there,
It sounds like you have mis-matched encryption ACLs between your concentrator and your IOS router when you use the subnetted networks
If you think your ACLs are configured properly, then enable:
debug cry isa & debug cry ip on the IOS router, and
IKE,IKEDBG,IPSEC,IPSECDBG, severity to log 1-9 on the concentrator to find out why the tunnel is not coming up
Jazib
12-18-2002 12:52 AM
Hello.
The router is configured to work with dyn-map. I know that is not the standard but the customer of the router just want to work with dyn-maps.
Dirk
12-18-2002 02:08 PM
Dirk,
so what u r saying is, your 3005s are going to a router which has dynamic crypto configured?
Can you enable debug cry isa and debug cry ip and send me me the debugs when ur 3005 tries to bring up the tunnel
Jazib
12-19-2002 05:53 AM
Hello Jazib.
I try to get this outputs.
Dirk
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide