Cisco Support Community
Community Member

VPN site to site doesn't work?

Dear All,

Please help me verify the configuration in the attached file.

I set up a site-to-site VPN; with my configuration the tunnel is already up, but IPsec is not working.

So the HQ client cannot ping the Branch client (I mean it cannot access anything).

Could you help verify this?

Best Regards,

Rechard

4 REPLIES
Community Member

Re: VPN site to site doesn't work?

Hi Rechard,

If everything seems OK to you, then maybe the problem exists because of IP NAT; try the configuration without IP NAT.

Cisco Employee

Re: VPN site to site doesn't work?

1) Crypto ACL (ACL 176) is incorrect on both routers.

On HQ, it should be as follows:

access-list 176 permit ip 192.168.51.0 0.0.0.255 192.168.50.0 0.0.0.255

On Branch, it should be as follows:

access-list 176 permit ip 192.168.50.0 0.0.0.255 192.168.51.0 0.0.0.255

2) Further to that, the NAT ACL (ACL 175) is also incorrect.

On HQ, it should be as follows:

access-list 175 deny   ip 192.168.51.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 175 permit ip 192.168.51.0 0.0.0.255 any

On Branch, it should be as follows:

access-list 175 deny   ip 192.168.50.0 0.0.0.255 192.168.51.0 0.0.0.255
access-list 175 permit ip 192.168.50.0 0.0.0.255 any

Hope that helps.
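
An added example, not part of the original thread or the poster's configuration: a small Python check of the two rules in the answer above, that the crypto ACL on each router mirrors the other and that the NAT ACL denies the VPN flow before its broader permit. The function names are hypothetical, the inputs are just the ACL lines quoted above, and it assumes plain `ip` entries with contiguous wildcard masks.

```python
import ipaddress
import re
# Added example: constructed inputs (the ACL lines from the answer above); helper names are hypothetical.
HQ = """\
access-list 176 permit ip 192.168.51.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 175 deny   ip 192.168.51.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 175 permit ip 192.168.51.0 0.0.0.255 any
"""
BRANCH = """\
access-list 176 permit ip 192.168.50.0 0.0.0.255 192.168.51.0 0.0.0.255
access-list 175 deny   ip 192.168.50.0 0.0.0.255 192.168.51.0 0.0.0.255
access-list 175 permit ip 192.168.50.0 0.0.0.255 any
"""
ACE = re.compile(r"access-list\s+(\d+)\s+(permit|deny)\s+ip\s+"
                 r"(any|\S+\s+\S+)\s+(any|\S+\s+\S+)$")
def net(spec):
    """Convert 'any' or 'address wildcard' to an ip_network (contiguous wildcards only)."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, wildcard = spec.split()
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Return {acl_number: [(action, src_net, dst_net), ...]} in configured order."""
    acls = {}
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m:
            acls.setdefault(m[1], []).append((m[2], net(m[3]), net(m[4])))
    return acls

def crypto_mirrored(local, remote, acl="176"):
    """True when the remote crypto ACL is the local one with source and destination swapped."""
    mine, theirs = parse(local).get(acl, []), parse(remote).get(acl, [])
    return bool(mine) and set(mine) == {(a, d, s) for a, s, d in theirs}

def nat_exempts_vpn(config, nat_acl="175", crypto_acl="176"):
    """True when no crypto-ACL flow hits a 'permit' first in the NAT ACL."""
    acls = parse(config)
    for action, src, dst in acls.get(crypto_acl, []):
        if action != "permit":
            continue
        for n_action, n_src, n_dst in acls.get(nat_acl, []):
            if src.subnet_of(n_src) and dst.subnet_of(n_dst):  # first covering entry decides
                if n_action == "permit":
                    return False
                break
    return True
```

Both checks return True for the HQ and Branch lines above; a crypto ACL written in the same direction on both routers, or a NAT ACL whose `permit ... any` comes before the `deny`, makes the corresponding check return False.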

Community Member

Re: VPN site to site doesn't work?

Dear halijenn,

Thank you for your help!!!

Let me follow you!!!!

If I still have a problem, how can I fix it next?

Best Regards,

Rechard

Cisco Employee

Re: VPN site to site doesn't work?

Should work after the changes. If it still doesn't work, please re-post the latest configuration from both sides, and also the output of "show cry isa sa" and "show cry ipsec sa".
