I have a strange problem that I can't get to the bottom of.
I have an IPsec site-to-site VPN between 2 sites. The crypto ACLs at each site are matched.
Site A - permit ip 188.8.131.52 0.0.0.255 10.44.128.0 0.0.15.255
Site B - permit ip 10.44.128.0 0.0.15.255 184.108.40.206 0.0.0.255
From Site A - I can ping anything on the following networks - 10.44.130.0, 10.44.132.0, 10.44.133.0, 10.44.134.0, 10.44.135 and so forth.
However, I cannot ping anything on the 10.44.128.0, 10.44.129.0, 10.44.131.0 networks.
Same problem if I source from the addresses above from Site B.
Any idea why this is? My ACL above covers the addresses I cannot ping. The interfaces are up and I can ping internally etc., but when going across the VPN, some are reachable and some are not. I have also removed any inbound/outbound ACLs just to test, but it is still the same.
I would suggest going through the NAT0 configurations for errors in any network masks and also checking the routing on Site A to confirm that there are also no errors in network masks that would prevent return traffic from being correctly forwarded back to the host on Site B.
I have had situations with ASAs where multiple networks were used through the L2L VPN and some of the networks were simply not forwarded to the L2L VPN. An active device change or reboot has corrected the situation.
I guess it would really have needed debugging during the problem to determine the actual problem.
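The mask check suggested in the reply above, as an added example that is not part of the original thread: it tests each remote subnet against the crypto ACL wildcard entry from the post and against a NAT-exemption list. The /24 subnet size and the `NAT_EXEMPT` entries are assumptions; the entries are constructed to show how a mask gap produces partial reachability, not taken from either device.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def covers(base, wildcard, subnet):
    """True if every address in `subnet` matches a Cisco-style
    `base wildcard` pair (wildcard bit set = don't care)."""
    net = ipaddress.IPv4Network(subnet)
    care = ~_ip(wildcard) & 0xFFFFFFFF
    # A subnet host bit the entry still cares about means only a partial match.
    if int(net.hostmask) & care:
        return False
    return (int(net.network_address) & care) == (_ip(base) & care)

def netmask_covers(network, netmask, subnet):
    """Same check for entries written with a netmask (NAT0 objects, routes)."""
    entry = ipaddress.IPv4Network(f"{network}/{netmask}", strict=False)
    return ipaddress.IPv4Network(subnet).subnet_of(entry)

# Remote side of the crypto ACL, as quoted in the post.
CRYPTO_ACL = [("10.44.128.0", "0.0.15.255")]
# Constructed NAT-exemption entries (hypothetical, not from the thread):
# two narrower entries where one 255.255.240.0 entry was intended.
NAT_EXEMPT = [("10.44.130.0", "255.255.255.0"),
              ("10.44.132.0", "255.255.252.0")]
# Networks named in the post, assumed to be /24s.
SUBNETS = [f"10.44.{n}.0/24" for n in (128, 129, 130, 131, 132, 133, 134, 135)]

def audit(subnets, crypto_acl, nat_exempt):
    """Return {subnet: [tables that do not fully cover it]}."""
    gaps = {}
    for s in subnets:
        missing = []
        if not any(covers(b, w, s) for b, w in crypto_acl):
            missing.append("crypto-acl")
        if not any(netmask_covers(n, m, s) for n, m in nat_exempt):
            missing.append("nat-exempt")
        if missing:
            gaps[s] = missing
    return gaps

if __name__ == "__main__":
    for subnet, tables in audit(SUBNETS, CRYPTO_ACL, NAT_EXEMPT).items():
        print(f"{subnet}: not covered by {', '.join(tables)}")
```

Running the same comparison with the real NAT0 and route entries from both peers shows whether every subnet the crypto ACL permits is also exempted from NAT and routed back toward the tunnel.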