Scenario: I have three sites all connected (full mesh) with IPsec/GRE tunnels and these work fine. I attempted to add a satellite office to one of our sites. The sat device is a 3rd party device and is behind a router/fw device. The IPSec tunnel (non-gre) appears to come up but no traffic passes.
When I ping 192.168.3.1 from the sat device (monitored using tcpdump), it causes the tunnel to come up but I don't see the Cisco side replying back.
The 192.168.180.0/24 network is at the Sat office and the 192.168.3.0/24 network is at the main office.
If I initiate a ping from the Cisco side, it doesn't prompt the tunnel to come up. ???? Any ideas?
interface Tunnel31
 bandwidth 1200000
 ip address 172.16.31.34 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 220.127.116.11
 tunnel destination x.x.x.x
!
interface Tunnel32
 bandwidth 1200000
 ip address 172.16.31.57 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 18.104.22.168
 tunnel destination x.x.x.x
!
interface FastEthernet0/1
 bandwidth 51200
 ip address 22.214.171.124
 ip access-group 101 in
 ip flow ingress
 ip flow egress
 ip nat outside
 ip inspect ISP2-cbac out
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map vpnmap
!
ip nat inside source route-map nonat interface FastEthernet0/1 overload
Partial ACL:
access-list 101 permit udp host 126.96.36.199 any eq isakmp
access-list 101 permit udp host 188.8.131.52 eq isakmp any
access-list 101 permit esp host 184.108.40.206 any
!
route-map nonat permit 41
 match ip address 175
access-list 133 permit ip 192.168.3.0 0.0.0.255 192.168.180.0 0.0.0.255
access-list 175 deny ip 192.168.3.0 0.0.0.255 192.168.60.0 0.0.0.255
access-list 175 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 175 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 175 deny ip 192.168.3.0 0.0.0.255 192.168.180.0 0.0.0.255
access-list 175 permit ip 192.168.3.0 0.0.0.255 any
!
ip route 0.0.0.0 0.0.0.0 50.50.50.x
ip route 10.1.0.0 255.255.0.0 Tunnel32
ip route 172.18.1.0 255.255.255.0 192.168.3.254
ip route 172.18.2.0 255.255.255.0 192.168.3.254
ip route 172.18.3.2 255.255.255.255 Service-Engine0/0
(R) QM_IDLE
000852: *Aug 12 02:21:24.203: ISAKMP (1003): received packet from 220.127.116.11 dport 500 sport 35381 Global (R) QM_IDLE
3rd party device:
# racoonctl -l show-sa isakmp
Destination Cookies ST S V E Created Phase2
18.104.22.168.500 e1866e9ee2830764:575a7489971701ad 9 I 10 M 2013-08-11 20:04:57 1
[root@ltm1:Active:Disconnected] log # racoonctl -l show-sa isakmp
Destination Cookies ST S V E Created Phase2
22.214.171.124.500 e1866e9ee2830764:575a7489971701ad 9 I 10 M 2013-08-11 20:04:57 1