New Member

no tunnel possible to subnetted networks with concentrator

I have a problem with the 3005 VPN concentrator when I try to establish a tunnel to a subnetted network. When I choose the complete networks everything works fine, but when I do subnetting the tunnel doesn't start establishing.

e.g.:

This works:

permit ip 194.69.39.39 0.0.0.255 194.117.106.128 0.0.0.255

That doesn't work:

permit ip host 194.69.39.39 194.117.106.128 0.0.0.3

I want to connect to an IOS router and need to use subnetting.

Does anyone have an idea?

4 REPLIES
Bronze

Re: no tunnel possible to subnetted networks with concentrator

Hi there,

It sounds like you have mismatched encryption ACLs between your concentrator and your IOS router when you use the subnetted networks.

If you think your ACLs are configured properly, then enable:

debug cry isa & debug cry ip on the IOS router, and

IKE,IKEDBG,IPSEC,IPSECDBG, severity to log 1-9 on the concentrator to find out why the tunnel is not coming up

Jazib
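
One way to check for the ACL mismatch suggested in the reply above, as an added example that is not part of the original thread: it normalises IOS wildcard-mask entries to prefixes and reports concentrator-side entries that have no exact mirror (source and destination swapped) on the router side. The router-side ACL and all function names are constructed for illustration; the thread does not show the router configuration.

```python
import ipaddress

def parse_selector(tokens):
    """Consume one IOS address selector; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.IPv4Network(tokens[1] + "/32"), tokens[2:]
    addr = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    # Only contiguous wildcards (0.0.0.3, 0.0.0.255, ...) map to a prefix.
    if wild & (wild + 1):
        raise ValueError("non-contiguous wildcard: " + tokens[1])
    prefix = 32 - wild.bit_length()
    # Host bits covered by the wildcard are ignored by IOS, so mask them off.
    network = ipaddress.IPv4Network((addr & ~wild & 0xFFFFFFFF, prefix))
    return network, tokens[2:]

def parse_entry(line):
    """Turn 'permit ip <src> <dst>' into a (src_network, dst_network) pair."""
    tokens = line.split()
    if tokens[:2] != ["permit", "ip"]:
        raise ValueError("unsupported entry: " + line)
    src, rest = parse_selector(tokens[2:])
    dst, rest = parse_selector(rest)
    if rest:
        raise ValueError("trailing tokens in entry: " + line)
    return src, dst

def mirror_mismatches(local_acl, peer_acl):
    """Return local entries whose swapped src/dst pair is absent from the peer ACL."""
    peer = {parse_entry(line) for line in peer_acl}
    missing = []
    for line in local_acl:
        src, dst = parse_entry(line)
        if (dst, src) not in peer:
            missing.append((line, str(src), str(dst)))
    return missing

# Concentrator-side entries quoted in the question.
CONCENTRATOR_ACL = [
    "permit ip 194.69.39.39 0.0.0.255 194.117.106.128 0.0.0.255",
    "permit ip host 194.69.39.39 194.117.106.128 0.0.0.3",
]
# Constructed router-side ACL (assumption; not shown in the thread).
ROUTER_ACL = ["permit ip 194.117.106.0 0.0.0.255 194.69.39.0 0.0.0.255"]

if __name__ == "__main__":
    for line, src, dst in mirror_mismatches(CONCENTRATOR_ACL, ROUTER_ACL):
        print("no mirror on peer for:", line, "->", src, "to", dst)
```

With this sample data the /24 entry normalises to 194.69.39.0/24 and 194.117.106.0/24 and finds its mirror, while the host-to-/30 entry is reported because the constructed router ACL has no matching 194.117.106.128/30 to 194.69.39.39/32 entry.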

New Member

Re: no tunnel possible to subnetted networks with concentrator

Hello.

The router is configured to work with dyn-map. I know that is not the standard, but the customer of the router just wants to work with dyn-maps.

Dirk

Bronze

Re: no tunnel possible to subnetted networks with concentrator

Dirk,

So what you are saying is, your 3005s are going to a router which has dynamic crypto configured?

Can you enable debug cry isa and debug cry ip and send me the debugs when your 3005 tries to bring up the tunnel?

Jazib

New Member

Re: no tunnel possible to subnetted networks with concentrator

Hello Jazib.

I will try to get these outputs.

Dirk
