Probably related to anti-spoofing, you defined f0/0 as the nat outside
interface and applied crypto map there and then the VPN traffic from remote
end enters the interface it thinks it is spoofed.
On Mon, Aug 31, 2009 at 1:04 PM, groupstudy <groupstudy_at_gmail.com> wrote:
> I figured this out. Just for fun, I configured the following on R1:
>
> access-list 199 permit ip any any
> int f0/0
> ip access-group 199 in
>
> As soon as I put that in, it began to work.
>
> This has to be a bug...
>
> Thanks for your input fellas.
>
>
>
> On Mon, Aug 31, 2009 at 3:11 PM, Rich Collins <nilsi2002_at_gmail.com> wrote:
>
> > My favorite show commands for VPN connections are:
> >
> > Router#sh crypto ipsec sa
> >
> >
> > Router#sh crypto isakmp sa
> >
> >
> > You can check security associations and byte counts.
> >
> > -Rich
> >
> > On Mon, Aug 31, 2009 at 2:54 PM, groupstudy<groupstudy_at_gmail.com> wrote:
> > > I actually just changed the ACLs to permit ip any any and i get the
> same
> > > results...
> > >
> > > I even reloaded the routers to make sure everything had a chance to
> start
> > > fresh.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Aug 31 2009 - 16:04:47 ART
This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 05:43:57 ART