06-14-2010 04:46 AM
Hi All,
We have a site-to-site VPN (PIX <-> Cisco 7200). 1 local network and 4 remote subnets are in the ACLs. The VPN works fine with 2 remote subnets but does not work for the other 2.
"Work" means we can send traffic from local to remote site.
"Not work" means we cannot send traffic from local to remote. Don't see IPSEC SA when show crypto ipsec sa.
Could someone help, please?
Regards,
Tao
06-14-2010 05:23 AM
Check your interesting traffic ACL and your NAT & no-nat ACLs to make sure they all match.
HTH
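One way to automate the mirror check suggested in the reply above, as an added example that is not from any poster in this thread. The ACL names and addresses are constructed, and the parser assumes only entries of the form permit ip <net> <mask> <net> <mask>, with subnet masks on the PIX and wildcard masks on IOS.

```python
import ipaddress

# Constructed sample ACLs (not from the thread): one local network and four
# remote subnets; the IOS side lacks one entry and has one wrong mask.
PIX_ACL = """\
access-list VPN permit ip 10.1.0.0 255.255.255.0 10.2.1.0 255.255.255.0
access-list VPN permit ip 10.1.0.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list VPN permit ip 10.1.0.0 255.255.255.0 10.2.3.0 255.255.255.0
access-list VPN permit ip 10.1.0.0 255.255.255.0 10.2.4.0 255.255.255.0
"""
IOS_ACL = """\
access-list 101 permit ip 10.2.1.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 101 permit ip 10.2.3.0 0.0.0.127 10.1.0.0 0.0.0.255
"""

def net(addr, mask, wildcard):
    """Build a network object; IOS wildcard masks are inverted to netmasks."""
    if wildcard:
        mask = ".".join(str(255 - int(octet)) for octet in mask.split("."))
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse(config, wildcard):
    """Return the set of (source, destination) networks from 'permit ip' lines.
    Assumption: no 'host' or 'any' keywords are used in the entries."""
    pairs = set()
    for line in config.splitlines():
        tok = line.split()
        if "permit" not in tok or "ip" not in tok:
            continue
        i = tok.index("ip")
        src, smask, dst, dmask = tok[i + 1:i + 5]
        pairs.add((net(src, smask, wildcard), net(dst, dmask, wildcard)))
    return pairs

def unmirrored(pix_cfg, ios_cfg):
    """List entries on each peer that have no exact reversed twin on the other."""
    pix = parse(pix_cfg, wildcard=False)
    ios = parse(ios_cfg, wildcard=True)
    missing_on_ios = sorted((s, d) for s, d in pix if (d, s) not in ios)
    missing_on_pix = sorted((s, d) for s, d in ios if (d, s) not in pix)
    return missing_on_ios, missing_on_pix

if __name__ == "__main__":
    for side, entries in zip(("IOS", "PIX"), unmirrored(PIX_ACL, IOS_ACL)):
        for s, d in entries:
            print(f"no mirror on {side} for: {s} -> {d}")
```

A subnet whose entry has no exact mirror on the peer is a candidate for the "no IPsec SA" symptom, since both ends must agree on the proxy identities.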
06-14-2010 06:54 AM
Hi Andrew,
We have checked the ACLs many times, they are identical but in reverse source and destination. We use static NAT one-to-one, and they are correct.
Do you have any ideas?
Thanks,
Tao
06-14-2010 06:57 AM
If you NAT before you encrypt - you need to make sure you are not natting again after, before encryption.
Post your config for review - remove sensitive information.