
Site-to-Site connection over Easy VPN

Hi,

I have been using Easy VPN for a long time, but without split tunneling. Last Monday, I made a change in the Easy VPN connection and added split-tunnelling properties. I configured all my access successfully, except the site-to-site VPN tunnels. I added the other site's internal IP subnet and peer IPs, but still cannot reach it.

I want to reach the other site over Easy VPN, because I was able to reach it before the split tunnelling operation.

What should I check, or what else should I do?


Any help greatly appreciated.


Regards.

5 Replies

Hi,

EzVPN could cause problems with split tunneling if in client mode.

Do you have EzVPN in network or client mode?

To check the Site-to-Site problem can you post the configs?

Federico.

Sorry, but I don't have any opportunity to use EzVPN, because the site-to-site VPN connection links our company to another company. The other company uses Checkpoint for its firewall. That's why I cannot use EzVPN tech for this situation.

But I thought that if I added the other company's internal network subnet to the split tunnel IPs, it would go over the site-to-site tunnel. But it did not.

So I added more, like the peer IP of the other company, but it is still not working.

I don't want to change my site-to-site configuration because of the other company's approach to IT problems.

Thanks.

Sure, it should work with no problems.

Could you post the configuration from your side?

Federico.

Here is the config file.

Sorry about A.B.C.D; I have tried to hide public IPs.

Thanks again.

Ok,

The Site-to-Site tunnel should be established from the PIX to IP A.B.17.252.

The interesting traffic is the traffic defined in access-list outside_cryptomap_20_1 (from any source to 192.168.5.0/24).

If 192.168.5.0/24 is indeed the network that you're trying to reach, then you should add this statement:

access-list inside_nat0_outbound permit ip any 192.168.5.0 255.255.255.0

This command:

route inside 192.168.5.0 255.255.255.0 172.16.0.2 1

Is sending traffic to 192.168.5.0/24 to the inside, which is incorrect if that's the other site's subnet.

Federico.
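The two checks from the answer above (NAT exemption for the remote subnet, and no inside route for it) can be run over a saved config, shown here as an added example that is not part of the original thread. The sample configs are constructed from the three statements quoted in the answer, the ACL names are the ones it mentions, and only entries of the form `permit ip any <net> <mask>` are parsed.

```python
import ipaddress

# Constructed sample configs built from the statements quoted in the answer:
# BEFORE = state described as broken, AFTER = with the suggested changes.
SAMPLE_BEFORE = """\
access-list outside_cryptomap_20_1 permit ip any 192.168.5.0 255.255.255.0
route inside 192.168.5.0 255.255.255.0 172.16.0.2 1
"""
SAMPLE_AFTER = """\
access-list outside_cryptomap_20_1 permit ip any 192.168.5.0 255.255.255.0
access-list inside_nat0_outbound permit ip any 192.168.5.0 255.255.255.0
"""

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def acl_destinations(config, acl_name):
    """Destination networks of 'permit ip any <net> <mask>' entries in one ACL."""
    nets = []
    for line in config.splitlines():
        t = line.split()
        if t[:5] == ["access-list", acl_name, "permit", "ip", "any"] and len(t) == 7:
            nets.append(_net(t[5], t[6]))
    return nets

def routes_via(config, interface):
    """Networks that static 'route <interface> ...' statements send to that interface."""
    nets = []
    for line in config.splitlines():
        t = line.split()
        if len(t) >= 5 and t[:2] == ["route", interface]:
            nets.append(_net(t[2], t[3]))
    return nets

def check_tunnel(config, crypto_acl="outside_cryptomap_20_1",
                 nat0_acl="inside_nat0_outbound"):
    """Return findings for each remote network named in the crypto ACL."""
    findings = []
    exempt = acl_destinations(config, nat0_acl)
    inside = routes_via(config, "inside")
    for remote in acl_destinations(config, crypto_acl):
        if not any(remote.subnet_of(e) for e in exempt):
            findings.append(f"{remote}: no matching entry in {nat0_acl}")
        for r in inside:
            if remote.overlaps(r):
                findings.append(f"{remote}: static route sends {r} to inside")
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, check_tunnel(cfg) or "no findings")
```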
