I am trying to set up a VPN connection between two sites. The remote site is a 3650 switch connecting to a Palo Alto firewall. I can bring up the VPN with no problems but I am unable to send traffic over the VPN.
Here is the config from the Cisco switch:
crypto isakmp policy 10
crypto isakmp key xxxxxxxx address 10.1.1.252
crypto ipsec transform-set myset <removed>
crypto map GNFVPN 10 ipsec-isakmp
 set peer 10.1.1.252
 set transform-set myset
 match address VPN-Traffic
ip address 10.10.0.70 255.255.255.192
crypto map GNFVPN
ip address 10.20.0.1 255.255.248.0
ip access-list extended VPN-Traffic
 permit ip 10.20.0.0 0.0.255.255 any log
ip route 0.0.0.0 0.0.0.0 10.10.0.65
When I ping an address that should go over the VPN from 10.10.0.70 I see a log message that says traffic has hit the ACL and it goes over the VPN. When I try from a PC in Vlan 41 I see nothing and it goes out on the correct interface but not within the VPN.
We have 4 VLANs on this network that need to go over the VPN and are covered by the ACL 'VPN-Traffic'. The default route is for all traffic to go out on VLAN 41.
When I ping a PC with a source IP address of Vlan100 (10.20.0.1) it goes over the VPN with no problems. When I try to ping from a PC on Vlan100 with an IP address of 10.20.0.250 it just goes out on the interface but not over the VPN.