Here is the deal: I'm in charge of supporting the corporate network. This particular VPN is set up on a few desktops which are on my Corp LAN. I don't have access to view or troubleshoot this VPN connection. The group in charge of the VPN is stating it's a corporate LAN issue. The desktop, when it is not on the VPN, communicates fine over the corporate network.
My question: crypto ACL. Is it on concentrator? If you could please provide more info. Really appreciated!
Hi, I understand that it is a LAN-to-LAN IPsec VPN tunnel.
I understand you don't have access to view or troubleshoot ... this will be kind of hard; however, if you can answer these questions, we'll get more background to solve this.
What IPsec/ISAKMP settings do both peers have? Can you get a copy of the config of both ends? It is very likely that it is an issue with proxy IDs; however, you can also check whether PFS is enabled on your 2 VPN peers. If it is, make sure you have the same group on both. What about NAT? Are you avoiding NAT to the remote end of the tunnel, if it is implemented?
When unable to communicate, clear crypto ipsec sa counters on both ends, try to send traffic, and check the packets received and transmitted. If the issue is internal routing on the remote end, the local end will see packets Tx but not Rx.
To answer your question... the crypto ACL is the match address xxxx in your IPsec config, and this is on your IPsec peer.
What devices do you have for VPN? ASA? Routers? 3000?
Good to hear! I thought it was an L2L tunnel. If this is a VPN client, next time you can take a look at the logs on the VPN client: just enable logs, set them all to level 3, connect and try to pass traffic. Then check the statistics of the VPN client and check the packets received and transmitted to give you an idea of where the problem may be :) Have a good one!