L2L VPN - Permitting a new Network

Hi,

I currently have a L2L VPN that connects a remote office. It is partly managed by a third party. Currently it permits traffic from our internal LAN 1.0.84.0/24. I am in the process of re-addressing our internal LAN. I have created, VLAN'd and subnetted 4 new subnets using 192.168.32.0/26, 192.168.32.64/26 etc etc. The trouble I'm having is connectivity from the new subnets to the remote site.

The guy at the third party has made the changes his end to permit the new subnets. I have added rules to my access-lists as required but no joy.

access-list nonat extended permit ip 192.168.32.0 255.255.255.0 172.16.0.0 255.255.255.0

access-list 127 extended permit ip 192.168.32.0 255.255.255.0 172.16.0.0 255.255.255.0

I think the third party guy has just permitted 192.168.32.0/24, and I'm wondering if that is correct as I'm actually using 192.168.32.0/26, 192.168.32.64/26, 192.168.128.0/26, 192.168.32.192/26. Should subnets be permitted individually or would 192.168.32.0/24 be a workable summarization?

Many Thanks

J Mack

1 REPLY

Re: L2L VPN - Permitting a new Network

Hi

It shouldn't make any difference to be honest. The VPN device should just compare the address to its crypto map, so if its crypto map says permit the /24 range and the IP address is from the 192.168.32.0/26 range it won't care. The subnet mask is not carried in the IP header of the packets.

I suspect the issue is elsewhere. Do you have a sanitised copy of your config and the remote end?

If you bring the tunnel down and then try and connect from a 192.168.32.x address, does the tunnel come up but no traffic passes, or does the tunnel fail to initialise?

HTH

Jon
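The matching rule Jon describes can be checked offline. This is an added example, not code from the thread or from Cisco: it parses the two ASA access-list lines quoted in the question (ASA ACLs use a subnet mask, not an IOS wildcard), classifies a packet against the crypto ACL using only the source and destination addresses, and reports which of the four subnets listed in the question fall outside the 192.168.32.0/24 summary the remote end permitted. The ACL text, packet addresses and the `parse_acl`, `matching_entry` and `uncovered` helper names are all constructed for this example.

```python
import ipaddress
import re

# Constructed sample input: the two ASA access-list lines quoted in the question.
LOCAL_ACL = """
access-list nonat extended permit ip 192.168.32.0 255.255.255.0 172.16.0.0 255.255.255.0
access-list 127 extended permit ip 192.168.32.0 255.255.255.0 172.16.0.0 255.255.255.0
"""

ACE_RE = re.compile(
    r"access-list\s+(\S+)\s+extended\s+permit\s+ip\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)"
)


def parse_acl(text, name):
    """Return (src_net, dst_net) pairs for the 'permit ip' entries of one named ACL.
    ASA syntax gives a subnet mask, so 255.255.255.0 is a /24 (strict=False keeps
    the network address even if host bits were set in the config)."""
    entries = []
    for m in ACE_RE.finditer(text):
        if m.group(1) != name:
            continue
        src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
        dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}", strict=False)
        entries.append((src, dst))
    return entries


def matching_entry(entries, src_ip, dst_ip):
    """Classify one packet the way the VPN device does: only the two addresses in
    the IP header are compared against each entry; no mask travels with the packet.
    Returns the first matching (src_net, dst_net) pair, or None if nothing matches."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net in entries:
        if s in src_net and d in dst_net:
            return (src_net, dst_net)
    return None


def uncovered(summary, subnets):
    """Return the subnets (as given) that are NOT contained in the summary the peer permitted."""
    summary_net = ipaddress.ip_network(summary)
    return [n for n in subnets if not ipaddress.ip_network(n).subnet_of(summary_net)]
```

Running `uncovered("192.168.32.0/24", [...])` over the four subnets exactly as listed in the question flags 192.168.128.0/26, so that range would need its own entry at both ends if it really is in use.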
