VPN3000 to Cisco806 with assigned IP address.

pemelin
Level 1

I can't get a tunnel to pass traffic between a VPN3005 and an 806 router. The router runs over ADSL and gets its public address through DHCP. The tunnel is established and the router encrypts packets and sends them to the VPN concentrator, but the replies never come back.

I'm running version 3.6.5 on the VPN3005 and 12.2(11)T2 on the router.

What could be the problem?

17 Replies

Hi Peter,

Here we go, I guess you have an access-list on the 806 like this:

access-list 100 permit ip any 192.168.4.0 0.0.0.255

Where 192.168.4.0/24 is the network behind the VPN3000.

In this case when the 806 initiates and makes a connection with the VPN3000, you will see 0.0.0.0 under the IPSec SA on the VPN3000 which basically means that any IPSec traffic from the VPN3000 is going to be sent via this SA. And this is why the clients are not getting the return traffic.

Please change your access-list from any to a specific network and let me know how it goes.

Regards,

Arul
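
An added example, not part of the thread or of any poster's reply: a small Python check that scans an IOS configuration for numbered `permit ip` ACL entries that a crypto map references and that use `any`, the pattern the reply above identifies. Only the `access-list 100` line comes from the thread; the crypto map block, ACLs 101 and 102, and the 192.168.10.0/24 network are assumed values in a constructed sample.

```python
import re

# Constructed sample running-config. Only the "access-list 100" line comes from
# the thread; the crypto map block and 192.168.10.0/24 are assumed values.
SAMPLE_CONFIG = """\
crypto map VPN 10 ipsec-isakmp
 match address 100
!
access-list 100 permit ip any 192.168.4.0 0.0.0.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 102 permit ip any any
"""

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+permit\s+ip\s+(.+)$")
MATCH_RE = re.compile(r"^\s+match address\s+(\S+)")


def take_endpoint(tokens):
    """Consume one ACL endpoint: 'any', or two tokens ('host A' / 'A WILDCARD')."""
    n = 1 if tokens[:1] == ["any"] else 2
    return " ".join(tokens[:n]), tokens[n:]


def audit_crypto_acls(config):
    """Return (acl, side, line) for each numbered-ACL entry that a crypto map
    references and whose source or destination is 'any' (0.0.0.0 proxy identity)."""
    lines = config.splitlines()
    crypto_acls, in_map = set(), False
    for line in lines:
        if not line.startswith(" "):          # top-level command starts a new block
            in_map = line.startswith("crypto map ")
        elif in_map and (m := MATCH_RE.match(line)):
            crypto_acls.add(m.group(1))
    findings = []
    for line in lines:
        m = ACL_RE.match(line.strip())
        if not m or m.group(1) not in crypto_acls:
            continue                          # not an ACL used for IPSec traffic selection
        src, rest = take_endpoint(m.group(2).split())
        dst, _ = take_endpoint(rest)
        findings += [(m.group(1), side, line.strip())
                     for side, ep in (("source", src), ("destination", dst))
                     if ep == "any"]
    return findings


if __name__ == "__main__":
    for acl, side, line in audit_crypto_acls(SAMPLE_CONFIG):
        print(f"ACL {acl}: {side} is 'any' -> 0.0.0.0 proxy identity | {line}")
```

ACL 102 is not reported in the sample because no crypto map references it; named ACLs are outside what this check parses.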

YES, YES, YES...!!!!!!!!

It works!!! You were absolutely right - I had an ACL like that.

Thank you very much for your help, Arul!

/Peter

Hi Peter,

Thanks for the update!! Glad to know that everything is working fine now.

Regards,

Arul