Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
278
Views
0
Helpful
2
Replies

VPN public IP & ACL

mwwg
Level 1
Level 1

‎08-11-2006 05:07 AM - edited ‎02-21-2020 02:34 PM

i have c1841, with 2 ipsec tunnels to other sites, do i need to put the peer site public iP into my ACL & ios firewall to allow routing between all 3 sites (hub & both spoke)?

pinging the LAN ip of the other spoke site from hub router CLI fails, & same on the spoke sites, what could be wrong or missing

thanks

Labels:
0 Helpful
2 Replies 2

spremkumar
Level 9
Level 9

‎08-14-2006 05:02 AM

Hi

Can you post the configs of your hub site and the remote locations ?

So that they can be verified and suggestions can be made ?

regds

0 Helpful

grant.maynard
Level 4
Level 4

‎08-15-2006 04:30 AM

Any ACL on internet-facing interface must allow UDP500 and ESP between the VPN peers.

In old IOS versions you must also allow the unencrypted traffic too.

0 Helpful
Customers Also Viewed These Support Documents