Cisco Support Community
Community Member

VPN lan-to-lan Routing

I have an IPsec tunnel created between an 1841 and an 871. I have vlan1 as on the 871 and 10.1.4, 10.1.3, and 10.1.2 on the 1841. I cannot ping from each router to any destination LAN IP. I do not know how to add a static route to make these work. Can anyone advise?

Community Member

Re: VPN lan-to-lan Routing

From what I can tell, your 10.1.x.x networks are not in the encryption domain for your IPSec tunnel. So, the packet will follow the default routes in place already (x.x.x.237 on the 1841 and x.x.x.33 on the 871) unencrypted. If your intent is to connect these privately addressed networks over the internet or a WAN you can't control routing for, you'll need to add those networks to the encryption domain. After that, they'll follow the default route already in place; however, they will be encrypted and passed to the other IPSec tunnel endpoint. Same for the reverse path. For pings, you'll also need to add to the encryption domain ICMP from / to your public IP address and/or use an extended ping to source from your 10.1.x.x interface. After you get the encryption domain specified properly, you should be OK, provided your tunnel sets up right.
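
The encryption-domain change described in the reply above, as an added IOS configuration sketch that is not part of the original thread or either poster's configuration. Assumptions: /24 masks on the 10.1.x networks, 192.168.71.0/24 as a constructed placeholder for the 871's Vlan1 subnet (the post does not give it), ACL number 110, and a crypto map entry called `VPN-MAP 10` standing in for whatever entry already defines the tunnel.

```cisco
! ---- 1841: LANs 10.1.2.0, 10.1.3.0, 10.1.4.0 (/24 masks assumed) ----
! 192.168.71.0/24 is a constructed placeholder for the 871's Vlan1 subnet.
access-list 110 remark encryption domain: 1841 LANs to 871 LAN
access-list 110 permit ip 10.1.2.0 0.0.0.255 192.168.71.0 0.0.0.255
access-list 110 permit ip 10.1.3.0 0.0.0.255 192.168.71.0 0.0.0.255
access-list 110 permit ip 10.1.4.0 0.0.0.255 192.168.71.0 0.0.0.255
!
! Bind the ACL to the existing crypto map entry (name and sequence are
! hypothetical; keep the peer and transform-set lines already configured).
crypto map VPN-MAP 10 ipsec-isakmp
 match address 110
!
! ---- 871: exact mirror, source and destination swapped ----
! If the two ACLs are not mirrors of each other, the peers propose
! different traffic selectors and the IPsec SAs do not come up.
access-list 110 remark encryption domain: 871 LAN to 1841 LANs
access-list 110 permit ip 192.168.71.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 110 permit ip 192.168.71.0 0.0.0.255 10.1.3.0 0.0.0.255
access-list 110 permit ip 192.168.71.0 0.0.0.255 10.1.4.0 0.0.0.255
!
crypto map VPN-MAP 10 ipsec-isakmp
 match address 110
!
! ---- Test from the 871 (exec mode) ----
! A plain ping is sourced from the outside interface's public address,
! which is not in ACL 110, so it leaves unencrypted via the default route.
! Source it from the LAN interface so it matches the encryption domain.
! 10.1.2.1 is a constructed host address on the 1841 side.
!   ping 10.1.2.1 source Vlan1
!
! Confirm the traffic is actually being protected: the encaps/decaps
! counters for the matching local/remote ident pair should increase.
!   show crypto ipsec sa
```

If the ping succeeds but the `show crypto ipsec sa` counters stay at zero, the traffic is not matching the crypto ACL and is reaching the far side, if at all, outside the tunnel.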
