Cisco Support Community
Tunnel rejected: Policy not found for Src

I have a PIX-to-VPN3000 configuration set up. I find that I cannot start a session from the hosts on the PIX side of the VPN, but I can establish a session from the hosts behind the VPN3000.

I get the error: Tunnel rejected: Policy not found for Src:172.16.7.0, Dst: 0.0.0.0!

3 REPLIES

Re: Tunnel rejected: Policy not found for Src

Hi

I have exactly the same set-up and also got the same error when I try to access HTTP traffic behind the PIX.


Re: Tunnel rejected: Policy not found for Src

There seems to be online help about hairpinning and the PIX. Search for "hair" and you will get a Default Gateway link to a page that comments on this.

Redirecting traffic out the same interface that received it is sometimes called hairpinning. Some devices, such as the PIX Firewall, do not support hairpinning.

I found my solution was related to the L2L: rules that were applied to the Public (Default) Filter. It seems that if the remote side had, say, the ACL to encrypt traffic from the remote network to any (I did this as I want the remote office to encrypt all traffic and send it through my network rather than allowing split tunneling), then the L2L: rules on the concentrator had to match. There are two L2L: rules, so the In rule would have had to have a source of the remote network but a destination of any, or "Use the IP Wildcard mask", and the Out rule had to have "Use the IP Wildcard mask" as the source and the remote network as the destination.
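
As an added example (not from the original poster or from Cisco documentation), here is what the PIX side of such a LAN-to-LAN tunnel looks like in PIX 6.x syntax when the crypto ACL is "remote network to any". It is included because that ACL is exactly what makes the PIX propose proxy IDs of Src 172.16.7.0/24, Dst 0.0.0.0/0 during IKE quick mode, which is the pair quoted in the "Policy not found" error, and the concentrator rejects the tunnel unless its L2L: network lists match that pair. Assumptions: 172.16.7.0/24 is the PIX inside network (taken from the error in the thread), 192.0.2.1 is the concentrator's public address (a documentation address), and the ACL, crypto map and transform-set names are made up; the pre-shared key is a placeholder.

```cisco
: Added example, not the thread's own config. Lines starting with ":" are
: comments in a saved PIX configuration.
:
: Interesting traffic. "any" as the destination means no split tunneling:
: everything from the 172.16.7.0/24 LAN goes through the tunnel, and the
: PIX proposes 172.16.7.0/255.255.255.0 -> 0.0.0.0/0.0.0.0 as proxy IDs.
access-list l2l_to_hq permit ip 172.16.7.0 255.255.255.0 any

: Exempt the same traffic from NAT, otherwise the packets would carry the
: outside address as source and never match the crypto ACL above.
nat (inside) 0 access-list l2l_to_hq

: Let decrypted tunnel traffic bypass the interface access lists.
sysopt connection permit-ipsec

: Phase 1 (ISAKMP) with a pre-shared key for the concentrator peer.
isakmp enable outside
isakmp key <pre-shared-key> address 192.0.2.1 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: Phase 2 (IPsec). The crypto map ties the ACL, the peer and the
: transform set together and is applied to the outside interface.
crypto ipsec transform-set hq_set esp-3des esp-sha-hmac
crypto map hq_map 10 ipsec-isakmp
crypto map hq_map 10 match address l2l_to_hq
crypto map hq_map 10 set peer 192.0.2.1
crypto map hq_map 10 set transform-set hq_set
crypto map hq_map interface outside
```

For this ACL to be accepted, the concentrator's LAN-to-LAN entry for this peer needs the remote network set to 172.16.7.0/255.255.255.0 and the local network set to the wildcard 0.0.0.0/0.0.0.0 (the "Use the IP Wildcard mask" choice mentioned above), so that its L2L: In and L2L: Out rules mirror the proxy IDs the PIX sends. If you restrict the ACL destination to the headquarters network instead of "any", the concentrator's local network must be narrowed to match in the same way; a mismatch in either direction produces the "Policy not found" rejection, and `debug crypto isakmp` on the PIX shows the proxy IDs it proposed.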


Re: Tunnel rejected: Policy not found for Src

Check your routing internally for the encryption IPs. Is the routing configured correctly to reach the VPN box?
