2x SA520 Site-to-Site VPN

Hi,

We are trying to set up a site-2-site VPN for a remote office.

The purpose is to redirect all traffic from the remote site to the main site (access to local network servers, but also web access, VoIP, ...).

We would also need access from the main site to the computers on the remote site (Active Directory, RDP, etc.).

Routers are SA520 on both sides, 2.1.71 installed, default settings after flash.

Main site :

Router on 192.168.0.254

Public IP 11.11.11.11 (not really of course)

192.168.0.0/24

Remote site

Router on 192.168.75.254

Public IP 22.22.22.22 (not really of course)

192.168.75.0/24

VPN is IPSEC and is connecting well and established.

The VPN policy was created by the wizard; the main site, for example:

Enabled | HDE | None | Auto Policy | 192.168.0.0 / 255.255.255.0 | 192.168.75.0 / 255.255.255.0 | SHA-1 | AES-128

We can ping from any computer on the remote site to the router of the main site, but that's all. No access to the LAN, and nothing at all the other way.

It's clear there is a route missing, but where? How?

Thanks in advance !

Claude


Re: 2x SA520 Site-to-Site VPN

Hi Claude,

I will first admit I'm not much of a Microsoft guy. However, I do have some experience working through similar scenarios from taking inbound calls.

One thing I've learned over the last couple of years that may be the cause: when using Active Directory, the group policies view the VPN connection as a "public connection" and not a "private connection". I've also heard you may need to make the policies aware of the different subnet, as the request from the remote router is not from the same subnet as the AD LAN and therefore isn't trusted.

Of course, other things to check are the firewall settings and 3rd party security applications which block ICMP.

I hope this may help point you in the right direction.

Edit:

Just as a funny side story, I had one time where it got to the point that a customer was very frustrated; he unplugged his server box's power, and everything worked great until he plugged it back in.

-Of course I don't recommend doing that, but it is an "interesting" test.

-Tom

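One way to verify the firewall-profile point Tom raises on a Windows host at the main site, as an added example that is not part of the original thread: it assumes Windows 8 / Server 2012 or later (where the NetSecurity and NetConnection cmdlets exist), an elevated prompt, and uses the thread's own 192.168.75.0/24 branch subnet; the server address 192.168.0.10 is a placeholder. Scoping new rules to the branch subnet is preferred over flipping the whole adapter to the Private profile, since the VPN traffic really does come from another network.

```powershell
# Added example, not from the original thread. Assumes the NetSecurity and
# NetConnection cmdlets (Windows 8 / Server 2012 and later); run elevated.
$branchSubnet = '192.168.75.0/24'   # remote-site LAN from the thread

# 1. Which profile is the LAN adapter on? A domain-joined server that cannot
#    reach its DC falls back to 'Public', where inbound defaults are strictest.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. Show the built-in ICMPv4 echo and RDP rules and the profiles they apply to;
#    a rule enabled only for Domain/Private explains why pings from the branch die.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing', 'Remote Desktop' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Enabled, Profile

# 3. Instead of widening the built-in rules, add rules that accept only the
#    branch subnet, on the profiles the LAN adapter actually uses.
New-NetFirewallRule -DisplayName 'Branch VPN: ICMPv4 echo' -Direction Inbound `
    -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $branchSubnet `
    -Profile Domain, Private -Action Allow

New-NetFirewallRule -DisplayName 'Branch VPN: RDP' -Direction Inbound `
    -Protocol TCP -LocalPort 3389 -RemoteAddress $branchSubnet `
    -Profile Domain, Private -Action Allow

# 4. From a branch PC, confirm a LAN host (not just the router) now answers.
#    192.168.0.10 is a placeholder for a main-site server.
Test-NetConnection -ComputerName 192.168.0.10 -Port 3389
```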