Cisco Support Community
New Member

vpn problem

I have what would appear to be a simple lan to lan vpn.

I have enabled: sysopt connection permit-ipsec.

The remote site works as expected - without the use of any access-list assigned to the inside interface for vpn traffic.

The local site will not operate unless I have a crypto access-list and an access-list assigned to the inside interface.

example:

local:

access-list inside extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0

!

access-list cryto_acl extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0

!

access-group inside in interface inside

!

When both access-lists do not exist it is not possible to connect to the remote site!!

Does anyone have any ideas?!

thanks

2 REPLIES
Blue

Re: vpn problem

The type of configuration required to create a vpn tunnel will be dependent on the type(s) of hardware involved, both ends, as well as the version of IOS on both ends.

Can you provide the hardware model for both ends as well as the IOS version they're running?

This will help us determine why you get certain behavior on one device but not on the other.

Bronze

Re: vpn problem

You need to have access lists on both the remote and local sites for the lan to lan vpn to work properly. And the two ACLs need to be mirrored. For example:

local:

access-list inside extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0

remote:

access-list inside extended permit ip 2.2.2.0 255.255.255.0 1.1.1.0 255.255.255.0
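
The mirroring requirement from the reply above can be checked offline before a change window. This is an added example, not part of the original thread: it assumes the `access-list NAME extended permit ip ...` syntax shown in the posts, the function names are hypothetical, and `REMOTE_BAD` is a constructed mismatch.

```python
import ipaddress

def _take_network(tokens):
    """Consume one address spec: any | host A.B.C.D | NETWORK MASK."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # ip_network accepts dotted netmasks; strict=False tolerates set host bits
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_acl(config_text):
    """Collect (source, destination) pairs from 'extended permit ip' entries."""
    pairs = set()
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[0] != "access-list":
            continue
        if tok[2:5] != ["extended", "permit", "ip"]:
            continue
        src, rest = _take_network(tok[5:])
        dst, _ = _take_network(rest)
        pairs.add((src, dst))
    return pairs

def mirror_mismatches(local_cfg, remote_cfg):
    """Return (local entries with no mirror on the remote peer,
               remote entries with no mirror on the local peer)."""
    local, remote = parse_acl(local_cfg), parse_acl(remote_cfg)
    fmt = lambda pairs: sorted((str(s), str(d)) for s, d in pairs)
    no_mirror_on_remote = {(s, d) for s, d in local if (d, s) not in remote}
    no_mirror_on_local = {(s, d) for s, d in remote if (d, s) not in local}
    return fmt(no_mirror_on_remote), fmt(no_mirror_on_local)

# Entries as posted in the thread
LOCAL = "access-list inside extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0"
REMOTE = "access-list inside extended permit ip 2.2.2.0 255.255.255.0 1.1.1.0 255.255.255.0"
# Constructed sample: remote side uses a wider mask, so the entries no longer mirror
REMOTE_BAD = "access-list inside extended permit ip 2.2.0.0 255.255.0.0 1.1.1.0 255.255.255.0"

if __name__ == "__main__":
    print(mirror_mismatches(LOCAL, REMOTE))      # both lists empty
    print(mirror_mismatches(LOCAL, REMOTE_BAD))  # one unmatched entry per side
```
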
