Cannot send traffic out vpn tunnel

Discussion in 'Cisco' started by BluffPlace, Feb 25, 2010.

  1. BluffPlace

    BluffPlace

    Joined:
    Sep 28, 2009
    Messages:
    1
    Hello
    We have a Cisco 3030 vpn concentrator. I created 2 separate vpn tunnels which are up. I am receiving traffic from them, but I am not sending anything out. One of the remote sites has a peer address of 65.1.3.4 and their internal address is 192.168.101.x. How do I send traffic out. Below is a copy of my edge router config.

    interface Tunnel0
    description Primary-Zscaler-Tun
    ip address 172.17.6.33 255.255.255.x ip mtu 1476
    ip nat outside
    tunnel source 151.8.2.6
    tunnel destination 4.79.205.35

    interface Ethernet0/0
    ip address 65.1.5.2 255.255.255.x secondary
    ip address 151.8.3.5 255.255.255.x
    ip access-group 102 out
    ip nat inside
    ip route-cache policy
    ip policy route-map Zscaler-redirect
    duplex auto

    interface Ethernet0/0.1

    interface GigabitEthernet0/0
    ip address 10.10.0.8 255.255.0.0
    ip helper-address 10.100.91.5
    negotiation auto
    ipx network 7 encapsulation SAP
    ipx gns-response-delay 1
    ipx type-20-propagation

    interface Serial1/0
    description T3-18MB Verizon-ISP
    ip address 208.4.2.0 255.255.255.x2
    no ip redirects
    no ip proxy-arp encapsulation ppp
    no ip mroute-cache
    ip policy route-map net-11
    load-interval 30
    scramble
    framing c-bit
    cablelength 10
    dsu bandwidth 18948
    no cdp enable

    interface ATM2/0
    no ip address
    atm uni-version 3.1
    no atm ilmi-keepalive

    interface ATM2/0.1 point-to-point
    bandwidth 75000
    ip address 151.8.2.6 255.255.255.x
    ip policy route-map net-11
    pvc 1/57
    vbr-nrt 10000 10000 100
    encapsulation aal5sna

    interface ATM2/0.5 point-to-point
    bandwidth 145000
    ip address 10.15.0.2 255.255.255.252
    ip helper-address 10.100.91.5
    ip policy route-map net-10
    pvc obd 5/55
    protocol ip 10.15.0.1 broadcast
    vbr-nrt 145000 145000 1000
    encapsulation aal5snap

    ipx network A21

    router eigrp 1
    network 10.0.0.0
    no auto-summary
    no eigrp log-neighbor-changes

    ip nat inside source route-map Zscaler interface Tunnel0 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 151.8.2.5
    ip route 10.70.1.1 255.255.255.255 10.60.1.2
    ip route 10.70.1.2 255.255.255.255 10.60.1.2
    no ip http server

    ip access-list extended Zscaler
    permit tcp any any eq www
    permit tcp any any eq 443
    permit tcp any any eq 389
    access-list 102 permit ip any anyaccess-list 111 permit ip any any
    access-list 112 permit ip any anyaccess-list 116 permit ip 65.1.5.0 0.0.0.31 any
    access-list 117 permit ip 151.8.3.4 0.0.0.31 any

    route-map Zscaler permit 10
    match ip address Zscaler
    set interface Tunnel0

    route-map net-11 permit 11
    set interface Ethernet0/0

    route-map net-10 permit 10
    match ip address 111
    set ip next-hop 10.10.0.1

    route-map Zscaler-redirect permit 10
    match ip address Zscaler
    set interface Tunnel0

    route-map PBR1 permit 10
    match ip address 116
    set interface Serial1/0
    set ip next-hop 208.4.2.9

    route-map PBR1 permit 20
    match ip address 117
    set interface ATM2/0.1
    set ip next-hop 151.8.2.5

    gatekeeper
    shutdown
     
    BluffPlace, Feb 25, 2010
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. a.nonny mouse
    Replies:
    2
    Views:
    1,123
  2. Trouble
    Replies:
    0
    Views:
    655
    Trouble
    Aug 4, 2006
  3. Trouble
    Replies:
    1
    Views:
    558
  4. Evolution
    Replies:
    1
    Views:
    864
    Walter Roberson
    Feb 27, 2007
  5. SteveB
    Replies:
    0
    Views:
    575
    SteveB
    Nov 1, 2007
Loading...

Share This Page