Cisco Support Community

VPN public IP & ACL

I have a C1841 with 2 IPsec tunnels to other sites. Do I need to put the peer sites' public IPs into my ACL & IOS firewall to allow routing between all 3 sites (hub & both spokes)?

Pinging the LAN IP of the other spoke site from the hub router CLI fails, & the same happens on the spoke sites. What could be wrong or missing?

thanks

2 REPLIES

Re: VPN public IP & ACL

Hi

Can you post the configs of your hub site and the remote locations?

So that they can be verified and suggestions can be made?

regds

Re: VPN public IP & ACL

Any ACL on an internet-facing interface must allow UDP 500 and ESP between the VPN peers.

In old IOS versions you must also allow the unencrypted traffic.
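
The check described in the last reply, as an added example that is not part of the thread: a small first-match evaluator for simple IOS extended-ACL lines that reports which VPN peers would have IKE (UDP 500) or ESP dropped. The ACL text and all addresses are constructed samples from documentation ranges, the function names are hypothetical, and it assumes entries without source-port qualifiers or other options.

```python
import ipaddress

# Constructed sample: inbound ACL on the hub's internet-facing interface.
# Addresses are documentation ranges, not values from the thread.
SAMPLE_ACL = """\
permit udp host 203.0.113.10 host 198.51.100.1 eq isakmp
permit esp host 203.0.113.10 host 198.51.100.1
permit udp host 203.0.113.20 host 198.51.100.1 eq 500
deny ip any any
"""

def _addr(tok, i):
    """Parse 'any' | 'host A' | 'A wildcard' at tok[i]; return (matcher, next index)."""
    if tok[i] == "any":
        return (lambda ip: True), i + 1
    if tok[i] == "host":
        a = int(ipaddress.ip_address(tok[i + 1]))
        return (lambda ip: int(ip) == a), i + 2
    base, wild = (int(ipaddress.ip_address(t)) for t in tok[i:i + 2])
    # Wildcard bits set to 1 are "don't care" bits.
    return (lambda ip: (int(ip) | wild) == (base | wild)), i + 2

def acl_permits(acl_text, proto, src, dst, dport=None):
    """First-match evaluation of simple ACL lines; implicit deny at the end."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] not in ("permit", "deny"):
            continue
        if tok[1] not in ("ip", proto):  # 'ip' entries match every protocol
            continue
        m_src, i = _addr(tok, 2)
        m_dst, i = _addr(tok, i)
        if not (m_src(src) and m_dst(dst)):
            continue
        if tok[i:i + 1] == ["eq"]:  # destination-port qualifier
            port = {"isakmp": "500"}.get(tok[i + 1], tok[i + 1])
            if port != str(dport):
                continue
        return tok[0] == "permit"
    return False

def missing_ipsec_permits(acl_text, local, peers):
    """Return (peer, what) pairs the ACL would drop: IKE on UDP 500, or ESP."""
    gaps = []
    for p in peers:
        if not acl_permits(acl_text, "udp", p, local, 500):
            gaps.append((p, "udp/500"))
        if not acl_permits(acl_text, "esp", p, local):
            gaps.append((p, "esp"))
    return gaps
```

With the sample ACL, the second peer's IKE negotiation is allowed but its ESP packets hit the final deny, so the function reports that peer with `esp` missing.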
