VPN 221 and 1010

[mrks1]

Hello,

i've successfully managed to create a Branch Office VPN tunnel where 221 is initiator and 1010 responder. Compression is disabled and i use IPSec DES-MD5 Group1.

There is always a "BUT" here i can't get any traffic to go trough the tunnel, i'm trying to ping a hot on the other site of the tunnel but with no success.

My scenario is like this:

221
LAN: 192.168.1.0/24
WAN: 192.168.2.1/24
type: Branch Office
aggressive
id type: DNS
content: vpn-link
secure gw address: 192.168.2.2
ESP - DES - MD5

1010
LAN: 192.168.3.0/24
WAN: 192.168.2.2/24
type: Branch Office
Responder
initiator id: vpn-link

when i try to ping a host on 192.168.3.0/24 network i'm getting the vpn tunnel but there is no response. I've also disable the firewalls on 221 and 1010.

Any pointers where to look for the problem?

Thanks

 

[Brat2]

Hi,

I am not a specialist of 221 nor 1010 but have you checked routing table? Maybe you need to add static router to get it work via tunnel?

Regards,
brat

 

[mrks1]

Thanks Brat,

i got it working before i read this forum but you are right, on my 221 i had non existing ip as wan default gateway (it can't be blank) because i was thinking it going to route the packets to the ip of the remote router (on 1010 there is a branch office routing table) but on 221 you need to specify the route or use a real gateway (in real work scenario all packets will be routed to the default gateway and you will reach the remote network).

It was error in my lab scenario, now everything is working perfectly.

Thanks for trying to help

Regards,
Nikola