Cisco Support Community
Community Member

VPN Problem

Hi sir,

My company has been using a site2site VPN connecting the branch office and the HQ. Originally, the HQ only allows the branch network ( to access the HQ network (, and it works fine. Now the branch needs to access another network ( in the HQ. So both sides added the ACL for the NO NAT and the interesting VPN traffic. But it doesn't work - the network still can NOT access the network in the HQ. You don't need to think about the problem of the routing and configuration, as the configuration for is the same as the configuration for I did some tests and found that the ACL for the interesting VPN traffic does NOT work. It still only allows the network to access To me it is really weird. I am wondering if it is caused by the protocol. [I am using the esp-des esp-sha-hmac for the transform set.] As the problem doesn't happen on the VPN that uses esp-des esp-md5-hmac protocol.

Could you please help me to figure it out? Thanks in advance!!


Re: VPN Problem

Hi there,

You are saying "As the problem doesn't happen on the VPN that uses esp-des esp-md5-hmac protocol". Basically this is the same VPN. It is between the same endpoints, and you should have only one esp-des esp-md5-hmac protocol.

Start from the existing VPN that works and add the crypto ACL and NAT 0 statements required for the new traffic on both ends.

Can you attach a sanitized config?

Please rate if this helped.
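
An added example, not part of the thread: a Python check that every flow in one peer's crypto ACL also has a NAT exemption locally and a mirrored crypto ACL and NAT exemption entry on the other peer. It assumes ASA-style `access-list ... permit ip` lines; the thread does not name the platform, and the ACL names `VPN` and `NONAT` and all addresses are constructed placeholders.

```python
import ipaddress
import re

# Constructed configs: ACL names and RFC 1918 networks are placeholders.
BRANCH = """\
access-list VPN extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
"""
HQ = """\
access-list VPN extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT extended permit ip 10.3.0.0 255.255.255.0 10.1.0.0 255.255.255.0
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ACE = re.compile(rf"^access-list (\S+) (?:extended )?permit ip {IP} {IP} {IP} {IP}\s*$", re.M)

def pairs(config, acl):
    """Return the (source, destination) networks permitted by the named ACL."""
    return {
        (ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}"))
        for name, s, sm, d, dm in ACE.findall(config) if name == acl
    }

def audit(local, remote, crypto="VPN", nonat="NONAT"):
    """Check each flow in the local crypto ACL against the three other lists."""
    problems = []
    for src, dst in sorted(pairs(local, crypto)):
        flow = f"{src} -> {dst}"
        if (src, dst) not in pairs(local, nonat):
            problems.append(f"local NAT exemption missing for {flow}")
        if (dst, src) not in pairs(remote, crypto):
            problems.append(f"remote crypto ACL has no mirror of {flow}")
        if (dst, src) not in pairs(remote, nonat):
            problems.append(f"remote NAT exemption has no mirror of {flow}")
    return problems

if __name__ == "__main__":
    # Audit in both directions so a gap on either peer is reported.
    for label, a, b in (("branch", BRANCH, HQ), ("hq", HQ, BRANCH)):
        for p in audit(a, b):
            print(f"{label}: {p}")
```

In the constructed sample the HQ side has the NAT exemption for the new network but not the crypto ACL entry, so only the original network pair is selected for the tunnel.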


