One way traffic over a VPN

Discussion in 'Cisco' started by Gordon Philip, Feb 25, 2005.

  1. I have a Cisco 1721 (192.168.111.1/24) connecting via an IPSEC tunnel to
    IPCop Version1.4.2 (192.168.1.0/24)

    From the 192.168.111.1 end I can ping any machine on the 192.168.1.0/24
    subnet however machines on the 192.168.1.0 end can not ping anything on the
    192.168.111.0/24 subnet

    Can anyone suggest where I should start looking for the problem as I thought
    that if the routes were not set correctly then neither would work

    Thanks

    Confused of Aylesbury
     
    Gordon Philip, Feb 25, 2005
    #1

  2. :I have a Cisco 1721 (192.168.111.1/24) connecting via an IPSEC tunnel to
    :IPCop Version1.4.2 (192.168.1.0/24)

    :From the 192.168.111.1 end I can ping any machine on the 192.168.1.0/24
    :subnet however machines on the 192.168.1.0 end can not ping anything on the
    :192.168.111.0/24 subnet

    :Can anyone suggest where I should start looking for the problem as I thought
    :that if the routes were not set correctly then neither would work

    Mismatched crypto map ACLs can lead to one-way traffic, and the results
    can depend upon which end initiated the tunnel. Examine the IPSec SA's
    (Security Associations) carefully.

    Check also that the ACL on the interface that the VPN terminates on
    on the 1721 permits the icmp echo traffic from 192.168.1.0/24.
     
    Walter Roberson, Feb 25, 2005
    #2
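
The reply's point about mismatched crypto map ACLs can be checked mechanically. The following is an added example, not code from the thread: it parses Cisco `permit ip` crypto ACL entries and verifies that each one is mirrored by a local/remote subnet pair on the peer. The ACL number, the sample entries and the peer selector list are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: crypto ACL on the Cisco end (ACL number is hypothetical).
CISCO_ACL = """\
access-list 110 permit ip 192.168.111.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip host 192.168.111.1 192.168.1.0 0.0.0.255
"""

# Constructed sample: peer selectors written as (local subnet, remote subnet).
PEER_SELECTORS = [("192.168.1.0/24", "192.168.111.0/24")]


def _take_net(tokens):
    """Consume one IOS address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # ipaddress accepts a wildcard (host mask) after the slash.
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]


def cisco_selectors(acl_text):
    """Return (source, destination) networks for each 'permit ip' entry."""
    out = []
    for line in acl_text.splitlines():
        m = re.match(r"\s*access-list\s+\d+\s+permit\s+ip\s+(.*)", line)
        if not m:
            continue
        src, rest = _take_net(m.group(1).split())
        dst, _ = _take_net(rest)
        out.append((src, dst))
    return out


def find_mismatches(acl_text, peer_selectors):
    """A Cisco (src, dst) entry must exist on the peer as (dst, src)."""
    cisco = set(cisco_selectors(acl_text))
    # Flip the peer's (local, remote) pairs into the Cisco orientation.
    mirrored = {(ipaddress.ip_network(r), ipaddress.ip_network(l))
                for l, r in peer_selectors}
    as_text = lambda pairs: sorted((str(a), str(b)) for a, b in pairs)
    return {"cisco_only": as_text(cisco - mirrored),
            "peer_only": as_text(mirrored - cisco)}


if __name__ == "__main__":
    print(find_mismatches(CISCO_ACL, PEER_SELECTORS))
```

Any entry reported under `cisco_only` or `peer_only` is a selector that one end will propose or expect and the other will not, which is the condition to compare against the negotiated IPSec SAs.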
