Re: Weird VPN Issue

From: groupstudy <groupstudy_at_gmail.com>
Date: Mon, 31 Aug 2009 14:54:55 -0400

I actually just changed the ACLs to permit ip any any and I get the same
results...

I even reloaded the routers to make sure everything had a chance to start
fresh.

On Mon, Aug 31, 2009 at 2:41 PM, groupstudy <groupstudy_at_gmail.com> wrote:

> I have a continuous ping going to the destination from my local device on
> the network (10.10.10.34) and I get absolutely nothing from the debug of
> those two commands. When I ping from the router1 f0/0 interface I get an
> output. It's almost as if the traffic is not coming to the R1 router. But
> it is. I can see the hits on the ACL I configured to monitor the inbound
> traffic on the f0/0 int.
>
> So strange...
>
> On Mon, Aug 31, 2009 at 2:34 PM, Mad_Prof Mad_Prof <dr3d3m3nt0_at_gmail.com> wrote:
>
>> Try a traceroute to the destination and check if debug crypto
>> ipsec/isakmp reveals any errors.
>>
>>
>> Thanks
>>
>>
>> On Mon, Aug 31, 2009 at 2:28 PM, groupstudy <groupstudy_at_gmail.com> wrote:
>>
>>> The ACLs actually are 10.10.10.0 0.0.0.255 and 20.20.20.0 0.0.0.255. I
>>> made a mistake in the posting.
>>>
>>> All routing is in place. I can ping the destination sourcing from the
>>> router1 f0/0.
>>>
>>> Thanks
>>>
>>>
>>> On Mon, Aug 31, 2009 at 1:14 PM, Mad_Prof Mad_Prof <dr3d3m3nt0_at_gmail.com> wrote:
>>>
>>>>
>>>>
>>>> Your ACLs should match your local networks and I believe should be
>>>> 10.10.10.0 0.0.0.255 and 20.20.20.0 0.0.0.255. Please verify that you
>>>> have a route to the destination on the ping sourcing device that points
>>>> to the vpn.
>>>>
>>>>
>>>> Thanks
>>>>
>>>> On Mon, Aug 31, 2009 at 12:37 PM, groupstudy <groupstudy_at_gmail.com> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I am having a strange problem that I hope someone can help with.
>>>>>
>>>>> I have two routers with a LAN-to-LAN VPN tunnel configured between them.
>>>>>
>>>>> My ACL that specifies what traffic is to be encrypted and sent on the
>>>>> tunnel specifies the two destinations at either end:
>>>>>
>>>>> On Router 1:
>>>>> access-list 100 permit ip 10.10.10.0 0.255.255.255 20.20.20.0 0.255.255.255
>>>>> The local network on router 1 is 10.10.10.0/24
>>>>>
>>>>> On Router 2:
>>>>> access-list 100 permit ip 20.20.20.0 0.255.255.255 10.10.10.0 0.255.255.255
>>>>> The local network on router 2 is 20.20.20.0/24
>>>>>
>>>>> The ACLs are mirrored on each router
>>>>>
>>>>> If I ping 20.20.20.1 (R2's F0/0 int) from R1 sourcing from the 10.10.10.1
>>>>> interface (f0/0), the tunnel gets established and the ping works (3/5.
>>>>> Subsequent pings yield 100% result. The two failed pings occur during the
>>>>> time it takes for the tunnel to come up).
>>>>>
>>>>> The problem is when I ping 20.20.20.1 from a device on the local LAN of R1
>>>>> (10.10.10.34/24). I cannot ping R2's f0/0. The ACLs include this traffic so
>>>>> I am not sure what the cause could be as to why this is not working. I also
>>>>> configured an ACL on the F0/0 of R1 to see if the traffic is arriving at the
>>>>> interface from the locally connected device (10.10.10.34/24). It is. I'm
>>>>> stumped...
>>>>>
>>>>> Any ideas would be greatly appreciated.
>>>>>
>>>>> Thanks!
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html

Received on Mon Aug 31 2009 - 14:54:55 ART
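
Added example, not part of the original thread: a small Python check of Cisco wildcard-mask matching, run over the crypto ACL entries as first posted and as corrected in the follow-up, showing that both select the 10.10.10.34 to 20.20.20.1 flow while the first-posted wildcards scope a whole /8. The function names are hypothetical, and the corrected ACE line is assembled from the wildcard values quoted in the reply.

```python
import ipaddress

def _int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means "ignore this bit"."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def parse_ace(line):
    """Parse only the form used in the thread: access-list N permit ip SRC WC DST WC."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError("unsupported ACE: " + line)
    return {"src": (tok[4], tok[5]), "dst": (tok[6], tok[7])}

def ace_selects(ace, src_ip, dst_ip):
    """True if the ACE would select this flow for encryption."""
    return wildcard_match(src_ip, *ace["src"]) and wildcard_match(dst_ip, *ace["dst"])

def is_mirror(a, b):
    """Crypto ACLs on the two peers should be exact source/destination swaps."""
    return a["src"] == b["dst"] and a["dst"] == b["src"]

def effective_network(base, wildcard):
    """Prefix that a contiguous wildcard really covers, whatever base was typed."""
    wc = _int(wildcard)
    if wc & (wc + 1):
        raise ValueError("non-contiguous wildcard: " + wildcard)
    mask = ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((_int(base) & mask, 32 - wc.bit_length()))

# ACEs exactly as first posted in the thread
POSTED_R1 = parse_ace("access-list 100 permit ip 10.10.10.0 0.255.255.255 20.20.20.0 0.255.255.255")
POSTED_R2 = parse_ace("access-list 100 permit ip 20.20.20.0 0.255.255.255 10.10.10.0 0.255.255.255")
# Assumed full line, assembled from the wildcard values given in the follow-up
FIXED_R1 = parse_ace("access-list 100 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255")

if __name__ == "__main__":
    flow = ("10.10.10.34", "20.20.20.1")  # LAN host to R2 f0/0, from the thread
    for name, ace in (("posted", POSTED_R1), ("fixed", FIXED_R1)):
        print(name, "selects flow:", ace_selects(ace, *flow),
              "| source scope:", effective_network(*ace["src"]))
    print("posted ACLs mirrored:", is_mirror(POSTED_R1, POSTED_R2))
```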

This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 05:43:57 ART