12-02-2002 07:23 AM - edited 03-09-2019 01:15 AM
I don't get a tunnel to pass traffic between a VPN3005 and an 806 router. The router runs over ADSL and gets its public address through DHCP. The tunnel is established and the router encrypts packets and sends them to the VPN concentrator, but the replies never come back.
I'm running version 3.6.5 on the VPN3005 and 12.2(11)T2 on the router.
What could be the problem?
12-18-2002 11:33 AM
Hi Peter,
Here we go, I guess you have an access-list on the 806 like this:
access-list 100 permit ip any 192.168.4.0 0.0.0.255
Where 192.168.4.0/24 is the network behind the VPN3000.
In this case when the 806 initiates and makes a connection with the VPN3000, you will see 0.0.0.0 under the IPSec SA on the VPN3000 which basically means that any IPSec traffic from the VPN3000 is going to be sent via this SA. And this is why the clients are not getting the return traffic.
Please change your access-list from any to a specific network and let me know how it goes.
Regards,
Arul
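
The check described in the reply above, written out as an added example that is not part of the original thread: a small Python audit that flags crypto-map ACL entries using `any`, run against a constructed 806-style config and its corrected form. The LAN 10.1.1.0/24, the crypto map name `vpnmap`, the peer 203.0.113.1 and the function names are assumptions for illustration; only 192.168.4.0/24 and ACL 100 come from the post.

```python
import re

# Constructed sample configs (not from the thread). 192.168.4.0/24 and ACL 100
# are from the post; 10.1.1.0/24 is an assumed LAN behind the 806, and
# "vpnmap" / peer 203.0.113.1 are placeholders.
WEAK_CONFIG = """\
crypto map vpnmap 10 ipsec-isakmp
 set peer 203.0.113.1
 match address 100
access-list 100 permit ip any 192.168.4.0 0.0.0.255
"""

FIXED_CONFIG = WEAK_CONFIG.replace(
    "permit ip any 192.168.4.0", "permit ip 10.1.1.0 0.0.0.255 192.168.4.0")

# Only numbered "permit ip" entries are handled in this example.
ACL_RE = re.compile(r"^access-list\s+(\d+)\s+permit\s+ip\s+(.+)$")
MATCH_RE = re.compile(r"^\s*match address\s+(\S+)")


def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D wildcard'."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return f"{tokens[0]} {tokens[1]}", tokens[2:]


def find_wide_crypto_acls(config):
    """Return (acl, side, line) for crypto-map ACL entries that use 'any'."""
    lines = config.splitlines()
    crypto_acls = {m.group(1) for l in lines if (m := MATCH_RE.match(l))}
    findings = []
    for line in lines:
        m = ACL_RE.match(line.strip())
        if not m or m.group(1) not in crypto_acls:
            continue  # not an ACL line, or not used for IPSec traffic selection
        src, rest = _take_addr(m.group(2).split())
        dst, _ = _take_addr(rest)
        for side, value in (("source", src), ("destination", dst)):
            if value in ("any", "0.0.0.0 255.255.255.255"):
                findings.append((m.group(1), side, line.strip()))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, find_wide_crypto_acls(cfg))
```

An entry flagged on the source side is the case from this thread: the 806 proposes 0.0.0.0 as its local proxy identity, which is what shows up under the IPSec SA on the VPN3000.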
12-19-2002 12:49 AM
YES, YES, YES...!!!!!!!!
It works!!! You were absolutely right - I had an ACL like that.
Thank you very much for your help, Arul!
/Peter
12-19-2002 12:58 AM
Hi Peter,
Thanks for the update!! Glad to know that everything is working fine now.
Regards,
Arul