Your ACLs should match your local networks and I believe should be
10.10.10.0 0.0.0.255 and 20.20.20.0 0.0.0.255. Please verify that you have a
route to the destination on the ping sourcing device that points to the VPN.

Thanks
On Mon, Aug 31, 2009 at 12:37 PM, groupstudy <groupstudy_at_gmail.com> wrote:
> Hello,
>
> I am having a strange problem that I hope someone can help with.
>
> I have two routers with a LAN-to-LAN VPN tunnel configured between them.
>
> My ACL that specifies what traffic is to be encrypted and sent on the
> tunnel specifies the two destinations at either end:
>
> on Router 1
> access-list 100 permit ip 10.10.10.0 0.255.255.255 20.20.20.0 0.255.255.255
> The local network on router 1 is 10.10.10.0/24
>
> on Router 2
> access-list 100 permit ip 20.20.20.0 0.255.255.255 10.10.10.0 0.255.255.255
> The local network on router 2 is 20.20.20.0/24
>
> The ACLs are mirrored on each router
>
> If I ping 20.20.20.1 (R2's F0/0 int) from R1 sourcing from the 10.10.10.1
> interface (f0/0), the tunnel gets established and the ping works (3/5.
> Subsequent pings yield 100% result. The two failed pings occur during the
> time it takes for the tunnel to come up).
>
> The problem is when I ping 20.20.20.1 from a device on the local LAN of R1
> (10.10.10.34/24). I cannot ping R2's f0/0. The ACLs include this traffic so
> I am not sure what the cause could be as to why this is not working. I also
> configured an ACL on the F0/0 of R1 to see if the traffic is arriving at the
> interface from the locally connected device (10.10.10.34/24). It is. I'm
> stumped...
>
> Any ideas would be greatly appreciated.
>
> Thanks!
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Mon Aug 31 2009 - 13:14:30 ART
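
Added example, not part of the original thread: a small Python check that expands the wildcard masks in the posted crypto ACLs into the networks they actually match and compares them with the /24 LANs named in the post. The function names and the R1_SUGGESTED line (built from the masks given in the reply) are assumptions made for illustration; only contiguous wildcard masks are handled.

```python
import ipaddress

def wildcard_to_network(addr, wildcard):
    """Turn an IOS address + wildcard mask into the network it matches."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # contiguous wildcards are 2**n - 1
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    prefixlen = 32 - wc.bit_length()
    # strict=False zeroes the bits the wildcard ignores, as the router does
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)

def parse_crypto_acl(line):
    """Parse 'access-list N permit ip SRC SWILD DST DWILD' into (src, dst)."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    return wildcard_to_network(tok[4], tok[5]), wildcard_to_network(tok[6], tok[7])

def audit(line, local_lan, remote_lan):
    """List every place where the ACL matches something other than the LAN."""
    src, dst = parse_crypto_acl(line)
    findings = []
    for label, matched, lan in (("source", src, local_lan),
                                ("destination", dst, remote_lan)):
        lan = ipaddress.ip_network(lan)
        if matched != lan:
            findings.append(f"{label} matches {matched} "
                            f"({matched.num_addresses} addresses), LAN is {lan}")
    return findings

def is_mirror(line_a, line_b):
    """True when each peer's source/destination is the other's reversed."""
    src_a, dst_a = parse_crypto_acl(line_a)
    src_b, dst_b = parse_crypto_acl(line_b)
    return src_a == dst_b and dst_a == src_b

# ACL lines as posted in the thread
R1_POSTED = "access-list 100 permit ip 10.10.10.0 0.255.255.255 20.20.20.0 0.255.255.255"
R2_POSTED = "access-list 100 permit ip 20.20.20.0 0.255.255.255 10.10.10.0 0.255.255.255"
# Constructed from the masks suggested in the reply (assumption)
R1_SUGGESTED = "access-list 100 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255"

if __name__ == "__main__":
    for name, line in (("posted", R1_POSTED), ("suggested", R1_SUGGESTED)):
        print(name, audit(line, "10.10.10.0/24", "20.20.20.0/24") or "matches the LANs")
    print("posted ACLs mirrored:", is_mirror(R1_POSTED, R2_POSTED))
```

The posted ACLs are correctly mirrored, but each side selects a full /8 for encryption rather than the /24 LAN, which is the mismatch the reply points at.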