Cisco Support Community
Community Member

Site-to-site works from one side but not the other

I've set up a site-to-site VPN between a 501 and a 506, each with its own private subnet, and everything works fine... except that machines on the 506's subnet can't contact machines on the 501's subnet.

Since the VPN tunnel works, I suspect a problem in my routing, but I'm not sure where to start troubleshooting.

Any tips? Anything I should look for?

3 REPLIES
Community Member

Re: Site-to-site works from one side but not the other

When you say "everything works fine", do you mean you are able to get two-way traffic? Pings are working?

Community Member

Re: Site-to-site works from one side but not the other

Do a traceroute from a server/PC on the 506 side. You will probably asterisk out when you hit the PIX, but it should show you if you have a routing problem. Also check your crypto ACL on the 506 side. Do show xxxx access-list and see if there are hit counts incrementing. Or do a debug icmp trace on both PIXes and ping from a server on the 506 side to a server on the other side. See if there are echo-requests and echo-replies on both PIXes, assuming those are allowed over your tunnel, and that should help you figure out where it is stopping.
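
The hit-count check suggested in the reply above, as an added example that is not part of the original thread: it compares two captures of "show access-list" output, taken before and after a ping test, and lists the entries whose counters did not move. The output line format, the ACL name 110 and the subnets are assumptions, and the captures are constructed.

```python
import re

# One ACE line of "show access-list" output, with its hit counter. Format assumed:
# access-list 110 line 1 permit ip <src> <mask> <dst> <mask> (hitcnt=4)
ACE_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:line\s+\d+\s+)?(.*?)\s*\(hitcnt=(\d+)\)\s*$")

def parse_hitcounts(show_output):
    """Return {(acl_name, rule_text): hitcnt} for every ACE line."""
    counts = {}
    for line in show_output.splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            acl, rule, hits = m.groups()
            counts[(acl, rule)] = int(hits)
    return counts

def hitcount_deltas(before, after):
    """Counter increase per ACE present in both captures."""
    b, a = parse_hitcounts(before), parse_hitcounts(after)
    return {key: a[key] - b[key] for key in a if key in b}

def stalled_rules(before, after, acl_name):
    """ACEs of one ACL whose counters did not move between captures."""
    return [rule for (acl, rule), delta in hitcount_deltas(before, after).items()
            if acl == acl_name and delta == 0]

# Constructed captures: ACL name 110 and all subnets are made up.
BEFORE = """\
access-list 110; 2 elements
access-list 110 line 1 permit ip 10.0.6.0 255.255.255.0 10.0.1.0 255.255.255.0 (hitcnt=0)
access-list 110 line 2 permit ip 10.0.6.0 255.255.255.0 10.0.9.0 255.255.255.0 (hitcnt=37)
"""
AFTER = """\
access-list 110; 2 elements
access-list 110 line 1 permit ip 10.0.6.0 255.255.255.0 10.0.1.0 255.255.255.0 (hitcnt=0)
access-list 110 line 2 permit ip 10.0.6.0 255.255.255.0 10.0.9.0 255.255.255.0 (hitcnt=41)
"""

if __name__ == "__main__":
    for (acl, rule), delta in hitcount_deltas(BEFORE, AFTER).items():
        print(f"{acl}: +{delta:<4} {rule}")
    # A crypto ACL entry that stays flat while you ping across the tunnel means
    # the test traffic is not matching that entry on this PIX.
    print("stalled:", stalled_rules(BEFORE, AFTER, "110"))
```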

Green

Re: Site-to-site works from one side but not the other

If you're saying that machines behind the 501 can connect to machines behind the 506, then this would not be a routing problem as the return traffic is making it back to the 501. You'll have to be a little more specific about the problem or post configs.
