Cisco Support Community
Community Member

vpn some subnet works others dont

Hi All,

We have a site-to-site VPN (PIX <-> Cisco 7200). 1 local network and 4 remote subnets are in the ACLs. The VPN works fine with 2 remote subnets but does not work for the other 2.

"Work" means we can send traffic from local to remote site.

"Not work" means we cannot send traffic from local to remote. We don't see an IPsec SA when we run show crypto ipsec sa.

Could someone help, please?

Regards,

Tao

3 REPLIES

Re: vpn some subnet works others dont

Check your interesting traffic ACL and your NAT & no-nat ACLs to make sure they all match.

HTH

Community Member

Re: vpn some subnet works others dont

Hi Andrew,

We have checked the ACLs many times; they are identical but with source and destination reversed. We use one-to-one static NAT, and the entries are correct.

Do you have any ideas?

Thanks,

Tao

Re: vpn some subnet works others dont

If you NAT before you encrypt, you need to make sure you are not NATing again after, before encryption.

Post your config for review - remove sensitive information.
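The ACL comparison suggested in the first reply can be done mechanically. This is an added example, not part of the original thread: it normalizes PIX entries (subnet masks) and IOS entries (wildcard masks) to networks and reports crypto ACL entries that have no mirror on the peer. The ACL name `vpn` and all addresses are constructed sample data.

```python
import ipaddress
import re

# Constructed sample ACLs (not from the thread). PIX entries use subnet masks,
# IOS entries use wildcard masks, so comparing the text by eye is error-prone.
PIX_ACL = """\
access-list vpn permit ip 10.1.0.0 255.255.0.0 192.168.10.0 255.255.255.0
access-list vpn permit ip 10.1.0.0 255.255.0.0 192.168.20.0 255.255.255.0
access-list vpn permit ip 10.1.0.0 255.255.0.0 192.168.30.0 255.255.255.0
access-list vpn permit ip 10.1.0.0 255.255.0.0 192.168.40.0 255.255.255.0
"""
IOS_ACL = """\
ip access-list extended vpn
 permit ip 192.168.10.0 0.0.0.255 10.1.0.0 0.0.255.255
 permit ip 192.168.20.0 0.0.0.255 10.1.0.0 0.0.255.255
 permit ip 192.168.30.0 0.0.0.255 10.1.0.0 0.0.0.255
"""

# Only the "permit ip <net> <mask> <net> <mask>" form is handled; the "host"
# and "any" keywords are not parsed here.
ENTRY = re.compile(r"permit ip (\S+) (\S+) (\S+) (\S+)")

def net(addr, mask, wildcard):
    """Build a network from an address and a subnet or wildcard mask."""
    bits = int(ipaddress.IPv4Address(mask))
    if wildcard:  # IOS: invert the wildcard mask to get a subnet mask
        bits ^= 0xFFFFFFFF
    return ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(bits)}")

def parse(config, wildcard):
    """Return the set of (source, destination) networks an ACL permits."""
    return {(net(a, am, wildcard), net(b, bm, wildcard))
            for a, am, b, bm in ENTRY.findall(config)}

def mirror_diff(pix_config, ios_config):
    """Compare the PIX ACL with the IOS ACL after swapping source/destination."""
    pix = parse(pix_config, wildcard=False)
    ios = {(dst, src) for src, dst in parse(ios_config, wildcard=True)}
    fmt = lambda pairs: [f"{s} -> {d}" for s, d in sorted(pairs)]
    return fmt(pix - ios), fmt(ios - pix)

if __name__ == "__main__":
    pix_only, ios_only = mirror_diff(PIX_ACL, IOS_ACL)
    print("On PIX without a mirror on IOS:", pix_only)
    print("On IOS without a mirror on PIX:", ios_only)
```

In the sample, one remote subnet is missing on the IOS side and another has a mask that does not match, so both show up as unmirrored entries.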
