I am currently working on 2 VPN 3005 concentrators and I want to create an IPSEC lan2lan tunnel. I've been trying to make things work but I cant seem to bring up the tunnel. here's the scenario... concentrator A connects to concentrator B via the internet. concentrator A & B have different private subnets. A can ping B but when I check on active tunnels I dont see any active tunnels. work station from the private network of concentrator A can ping the public IP of the concentrator B. but cannot connect to the private IP behind concentrator B. what I need is to bring up the VPN tunnel so that PC from the private segment of concentrator A can connect to the pc's on the private segment of cencentrator B.. thanks in advance.
The logs on the VPN3000's will be of most use to you here. If no tunnel is being built then you have either made a config error in th eL2L section on the 3000's, or you have a routing problem on the internal networks.
For the routing issue, you need to make sure that when a host behind conc-A pings a host behind conc-B that this packet gets routed to the private interface of conc-A. Normally the default route is what's used here, and quite often this points off to a firewall or some other device, NOT the concentrator. Add static routes as necessary on your internal networks to ensure these packets get routed correctly. You need to make sure the inverse is true on the network behind cocn-B also.
For the config issue, the most common mistake is that your Local and Remote network lists are not the exact opposite of each other on the two VPN3000's.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :