I have two sites with IPsec tunnel… only one Phase II LAN works

Started by ao, March 27, 2023, 03:47:17 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 27, 2023, 03:47:17 PM
1. I have two sites with IPsec tunnel... one LAN works both ways, but additional LANs do not - thet are configured as per attachment.
March 27, 2023, 03:48:51 PM #1
While three LANs configured for Phase II - only one LAN works ... (see attachement)
March 27, 2023, 03:50:19 PM #2
3. The Phase 1 seems to work fine ... (see attached)
March 27, 2023, 03:52:55 PM #3
Phase II seems to setup routes  OK ...
Phase II seems to setup security Policy DB  OK ...
The IP Secs firewalls are open ...
Nothing obvious in log files ...

Looking for advice on where to look next please  :)
March 27, 2023, 03:58:13 PM #4
The other side has all three networks as local? Have you tried enabling tunnel isolation?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
April 11, 2023, 01:36:27 PM #5
Thank You - I finally got help - it is not obvious but need to have matching rule on each end for reverse route ...
April 11, 2023, 01:55:19 PM #6
This is obvious ;) In a static tunnel setup all participating sites need full information. Unless default routes/SAs are in place, of course.

Glad you got it working.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1
User actions