Cisco Support Community

New Member

one way vpn traffic

I have an IPsec VPN tunnel up, but cannot send traffic across the VPN. The remote site can send traffic to the VPN router. One of the requirements is that all devices must have the same public IP. So that is why the Linksys VPN router's LAN address is the 55.x.x.120.

Is it because we are using the public IP on the Linksys LAN that it won't send traffic through the VPN?

Or is it because the Cisco VPN server is configured only to allow the one host (the Linksys router)?

If I have a computer on the Linksys LAN at 55.x.x.121, I have no access to the VPN tunnel.

The Linksys also has a ping utility. I can ping the remote gateway, but not the remote host 160.x.x.160. This makes me think the router is just going out the WAN to the internet and not using the VPN?

Any insight would be appreciated. Normally I'd be joining two private networks over a VPN tunnel, but I'm wondering if it will work with the given restrictions.

IPSEC VPN SETUP:

Edge router:

NATs 192.168.1.100 55.x.x.120

access-list UDP 500, 4500 and IP Protocol 50 on 192.168.1.100

Linksys VPN router:

WAN 192.168.1.100 255.255.255.0

LAN 55.x.x.120/24 IP address

VPN SETUP:

local subnet: 55.x.x.120/32

remote subnet: 160.x.x.160/32

remote gateway: 160.x.x.150/32

On the remote ASA5520 they have:

local subnet: 160.x.x.160/32

remote subnet: 55.x.x.120/32

remote gateway: 55.x.x.120/32

2 REPLIES
Cisco Employee

Re: one way vpn traffic

If you use a /32 subnet mask for the local and remote subnet, only a single IP address would be part of the tunnel.

Change it to a network, so that it can include more IP addresses.

That should let you ping the host connected to the routers.

-Kanishka
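
The reply's point about /32 selectors, as an added example that is not part of the original thread: a small Python model of how IPsec traffic selectors decide which flows enter the tunnel. The addresses are constructed documentation-range stand-ins (203.0.113.120 for 55.x.x.120, 198.51.100.160 for 160.x.x.160), and `Selector` and `classify` are hypothetical names, not a Cisco or Linksys API.

```python
from ipaddress import ip_address, ip_network


class Selector:
    """One peer's IPsec traffic selector: (local subnet, remote subnet)."""

    def __init__(self, local, remote):
        self.local = ip_network(local)
        self.remote = ip_network(remote)

    def matches(self, src, dst):
        # A packet is protected only if BOTH addresses fall inside the selector.
        return ip_address(src) in self.local and ip_address(dst) in self.remote

    def mirrors(self, peer):
        # Each side's local subnet must be the other side's remote subnet.
        return self.local == peer.remote and self.remote == peer.local


def classify(src, dst, near, far):
    """How a packet leaving the 'near' peer is treated (simplified model)."""
    if not near.mirrors(far):
        return "selector mismatch"      # the two ends do not describe the same traffic
    return "tunnel" if near.matches(src, dst) else "outside tunnel"


# Constructed stand-ins for the host-to-host setup shown in the question.
LINKSYS_HOST = Selector("203.0.113.120/32", "198.51.100.160/32")
ASA_HOST = Selector("198.51.100.160/32", "203.0.113.120/32")
# The same tunnel after widening the Linksys side to a network, as the reply suggests.
LINKSYS_NET = Selector("203.0.113.0/24", "198.51.100.160/32")
ASA_NET = Selector("198.51.100.160/32", "203.0.113.0/24")

REMOTE = "198.51.100.160"
ROUTER_LAN = "203.0.113.120"   # stands in for 55.x.x.120
LAN_PC = "203.0.113.121"       # stands in for 55.x.x.121
ROUTER_WAN = "192.168.1.100"   # Linksys WAN address from the question


def report():
    """Classify each sample flow under the /32 and /24 selector pairs."""
    rows = {}
    for name, src in (("router", ROUTER_LAN), ("pc", LAN_PC), ("wan", ROUTER_WAN)):
        rows[name] = (classify(src, REMOTE, LINKSYS_HOST, ASA_HOST),
                      classify(src, REMOTE, LINKSYS_NET, ASA_NET))
    return rows


if __name__ == "__main__":
    for name, (host_mode, net_mode) in report().items():
        print(f"{name:6} /32: {host_mode:15} /24: {net_mode}")
```

Widening only one end (for example `LINKSYS_NET` against `ASA_HOST`) returns "selector mismatch" in this model, which is why the change has to be made on both peers.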

New Member

Re: one way vpn traffic

I'm sure you're right. We tested as a host to network VPN and it worked. For some reason it had to change to a host to host.

Thanks.
