Velocity Reviews

Velocity Reviews (
-   Cisco (
-   -   Cannot send traffic out vpn tunnel (

BluffPlace 02-25-2010 04:21 PM

Cannot send traffic out vpn tunnel
We have a Cisco 3030 vpn concentrator. I created 2 separate vpn tunnels which are up. I am receiving traffic from them, but I am not sending anything out. One of the remote sites has a peer address of and their internal address is 192.168.101.x. How do I send traffic out. Below is a copy of my edge router config.

interface Tunnel0
description Primary-Zscaler-Tun
ip address 255.255.255.x ip mtu 1476
ip nat outside
tunnel source
tunnel destination

interface Ethernet0/0
ip address 255.255.255.x secondary
ip address 255.255.255.x
ip access-group 102 out
ip nat inside
ip route-cache policy
ip policy route-map Zscaler-redirect
duplex auto

interface Ethernet0/0.1

interface GigabitEthernet0/0
ip address
ip helper-address
negotiation auto
ipx network 7 encapsulation SAP
ipx gns-response-delay 1
ipx type-20-propagation

interface Serial1/0
description T3-18MB Verizon-ISP
ip address 255.255.255.x2
no ip redirects
no ip proxy-arp encapsulation ppp
no ip mroute-cache
ip policy route-map net-11
load-interval 30
framing c-bit
cablelength 10
dsu bandwidth 18948
no cdp enable

interface ATM2/0
no ip address
atm uni-version 3.1
no atm ilmi-keepalive

interface ATM2/0.1 point-to-point
bandwidth 75000
ip address 255.255.255.x
ip policy route-map net-11
pvc 1/57
vbr-nrt 10000 10000 100
encapsulation aal5sna

interface ATM2/0.5 point-to-point
bandwidth 145000
ip address
ip helper-address
ip policy route-map net-10
pvc obd 5/55
protocol ip broadcast
vbr-nrt 145000 145000 1000
encapsulation aal5snap

ipx network A21

router eigrp 1
no auto-summary
no eigrp log-neighbor-changes

ip nat inside source route-map Zscaler interface Tunnel0 overload
ip classless
ip route
ip route
ip route
no ip http server

ip access-list extended Zscaler
permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any eq 389
access-list 102 permit ip any anyaccess-list 111 permit ip any any
access-list 112 permit ip any anyaccess-list 116 permit ip any
access-list 117 permit ip any

route-map Zscaler permit 10
match ip address Zscaler
set interface Tunnel0

route-map net-11 permit 11
set interface Ethernet0/0

route-map net-10 permit 10
match ip address 111
set ip next-hop

route-map Zscaler-redirect permit 10
match ip address Zscaler
set interface Tunnel0

route-map PBR1 permit 10
match ip address 116
set interface Serial1/0
set ip next-hop

route-map PBR1 permit 20
match ip address 117
set interface ATM2/0.1
set ip next-hop


All times are GMT. The time now is 12:43 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.