Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
196
Views
0
Helpful
1
Replies

site-to-site vpn with public ip inside

isk-admin
Level 1
Level 1

‎04-27-2006 10:26 PM

I configured a site-to-site vpn with private ip inside and it function properly. Then I tested it with public ip inside and I got an error message

IPSEC (sa_initiate) : ACL = no sa created

The only thing what I have changed is the access-list command

access-list 100 permit ip 10.10.10.0 255.255.255.0 10.10.11.0 255.255.255.0

in

access-list 100 permit ip 111.111.111.0 255.255.255.0 200.200.200.0 255.255.255.0

and the ip address at inside interfaces.

I use 3DES, SHA, DH=1 and PSK for phase1 and 3DES, SHA for phase2

What´s going wrong?

Regards

Helmut

Labels:
0 Helpful
1 Reply 1

Fernando_Meza
Level 7
Level 7

‎05-03-2006 05:12 PM

Can you post your config .. if you are using a public routable address to terminate the tunnel then the crypto map needs to be applied to the external interface.

0 Helpful
Customers Also Viewed These Support Documents