Tunnel rejected: Policy not found for Src

p.mckay
Level 1

I have a PIX to VPN3000 configuration set up. I find that I cannot start a session from the hosts on the PIX side of the VPN, but I can establish a session from the hosts behind the VPN3000.

I get the error: Tunnel rejected: Policy not found for Src:172.16.7.0, Dst: 0.0.0.0!

3 Replies

ajay.sirohi
Level 1

Hi

I have exactly the same set-up and also got the same error when I try to access HTTP traffic behind the PIX.

There seems to be some online help about hairpinning and the PIX. Search for "hair" and you will get a Default Gateway link to a page that comments on this.

Redirecting traffic out the same interface that received it is sometimes called hairpinning. Some devices, such as the PIX Firewall, do not support hairpinning.

I found my solution was related to the L2L rules that were applied to the Public (Default) Filter. It seems that if the remote side had, say, an ACL to encrypt traffic from the remote network to any (I did this because I want the remote office to encrypt all traffic and send it through my network rather than allowing split tunneling), then the L2L rules on the concentrator had to match. There are two L2L rules, so the In rule would have to have a source of the remote network but a destination of any or "Use the IP Wildcard mask", and the Out rule had to have the source as "Use the IP Wildcard mask" and the destination as the remote network.
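
The mismatch described in the thread, as an added example that is not code from this thread or from Cisco: it compares a peer's proposed proxy IDs (the PIX crypto ACL) against the concentrator's In/Out L2L rules and reports which proposals would be rejected as "Policy not found". It assumes exact-match comparison of proxy IDs and treats "any" on the concentrator side as 0.0.0.0/0; all networks are constructed sample values.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")


def net(s):
    return ipaddress.ip_network(s, strict=False)


def rule_matches(proposal, rule):
    """Direction-aware proxy-ID check. A Phase 2 proposal from the peer is
    (src, dst) as the peer sees it. The concentrator's In rule must match it
    as-is; the Out rule is the mirror image (source and destination swapped).
    Matching is exact: a /24 does not match a wider or narrower prefix."""
    src, dst = proposal
    if rule["dir"] == "in":
        return rule["src"] == src and rule["dst"] == dst
    return rule["src"] == dst and rule["dst"] == src


def rejected_proposals(peer_acl, l2l_rules):
    """Return the peer proposals that lack a matching In rule or a matching
    Out rule; these are the ones the concentrator would log as rejected."""
    rejected = []
    for proposal in peer_acl:
        has_in = any(r["dir"] == "in" and rule_matches(proposal, r) for r in l2l_rules)
        has_out = any(r["dir"] == "out" and rule_matches(proposal, r) for r in l2l_rules)
        if not (has_in and has_out):
            rejected.append(proposal)
    return rejected


def log_line(proposal):
    src, dst = proposal
    return (f"Tunnel rejected: Policy not found for Src:{src.network_address}, "
            f"Dst: {dst.network_address}!")


# Constructed sample: PIX crypto ACL "permit ip 172.16.7.0 255.255.255.0 any".
PIX_ACL = [(net("172.16.7.0/24"), ANY)]

# Constructed sample: L2L rules whose local side is a specific network only.
CONC_BEFORE = [
    {"dir": "in", "src": net("172.16.7.0/24"), "dst": net("10.0.0.0/8")},
    {"dir": "out", "src": net("10.0.0.0/8"), "dst": net("172.16.7.0/24")},
]

# Constructed sample: after the fix, the local side of both rules is "any".
CONC_AFTER = [
    {"dir": "in", "src": net("172.16.7.0/24"), "dst": ANY},
    {"dir": "out", "src": ANY, "dst": net("172.16.7.0/24")},
]
```

Running `rejected_proposals(PIX_ACL, CONC_BEFORE)` reproduces the thread's error line for 172.16.7.0/0.0.0.0, while `CONC_AFTER` accepts the proposal.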

bcbabloo86
Level 1

Check your routing internally for the encryption IPs. Check whether the routing is configured correctly to reach the VPN box.