I have a Central site with a VPN 3030 Concentrator; off this I have a LAN to LAN VPN working to site (A). I also have remote access VPN working.
What I am trying to do is get the client to dial in through the remote access VPN, then pass down the LAN to LAN VPN to get to site (A).
I have modified all the NAS lists on the Concentrator and all the ACLs on the site A PIX.
My findings so far are:
1) Remote client creates a VPN connection with the 3030 Concentrators and gets address assigned from a pool (remote access VPN established)
2) Remote client pings a box in site (A)
3) The ping packet passes down the remote access VPN to the 3030 Concentrator, then over the LAN to LAN VPN to site (A); the ICMP packet gets decrypted by the PIX and the box then replies to the ICMP packet.
4) The packet then leaves the PIX from site (A) encrypted back up the LAN to LAN connection to the 3030 Concentrator in the central site.
5) It stops here; the 3030 Concentrator does not forward the ICMP packet up the remote access VPN to the remote client.
How I established that the ICMP packet was getting from the remote client to site (A) through the 3030 Concentrator in the central site, and from site (A) back to the 3030 Concentrator in the central site: I checked the SA encrypted and SA decrypted counters. From this I can see the ICMP packets getting to site (A) and leaving site (A).
Also, the ACL incremented on the PIX in site (A) for ICMP for that IP. I have no sysopt connection permit ipsec command enabled on the PIX at site (A), so the VPN is bound to an access-list.
So I cannot get the Concentrator to forward the packet back out the public interface to the remote access VPN user.