Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Works from remote VPN to VLAN but not from VLAN to remote VPN

Status
Not open for further replies.

msalomon

Programmer
Dec 13, 2003
26
DK
Hi,

I have a site-to-site vpn connection. It works fine from vlan 1 both ways.
I have a sub interface with a vlan. From this vlan it works to and from my inside network. I can connect/ping from the remote site-to-site vpn but not the other way.

Anyone here that can point me to the right direction?

Thanks in advance.

 
post the config? Sounds like an interface security level thing?
 
Hi ADB100,

Thank you for taking the time to help me.

I have cut some lines from the configuration without (hope it is enough else let me know and yes the local net of the remote site 2 site vpn is 150.150.99.0 :):

interface Ethernet0/0
nameif inside
security-level 100
ip address 10.10.20.13 255.255.255.0 standby 10.10.20.14
!
interface Ethernet0/0.31
vlan 31
nameif test-net
security-level 20
ip address 10.10.31.1 255.255.255.0 standby 10.10.31.2
!

access-list no-nat extended permit ip 10.10.0.0 255.255.0.0 150.150.99.0 255.255.255.0
access-list outside_cryptomap_4 extended permit ip 10.10.0.0 255.255.0.0 150.150.99.0 255.255.255.0

global (outside) 10 interface
global (outside) 4 10.10.20.254 netmask 255.255.255.255
global (dmz) 10 interface
nat (inside) 0 access-list no-nat
nat (inside) 4 access-list 101010nat
nat (inside) 10 10.10.10.0 255.255.255.0
nat (inside) 10 10.10.20.0 255.255.255.0
nat (test-net) 10 10.10.31.0 255.255.255.0
nat (outside) 4 access-list outside_nat_outbound

static (outside,inside) 10.99.103.0 150.150.99.0 netmask 255.255.255.0
static (outside,outside) 10.99.103.0 150.150.99.0 netmask 255.255.255.0
static (inside,test-net) 10.10.20.53 10.10.20.53 netmask 255.255.255.255
static (inside,test-net) 10.10.20.50 10.10.20.50 netmask 255.255.255.255
static (test-net,outside) 10.10.31.31 10.10.31.31 netmask 255.255.255.255
static (test-net,inside) 10.99.103.0 150.150.99.0 netmask 255.255.255.0

access-group inside_access_in in interface inside
access-group test-net_in in interface test-net
access-group acl_out in interface outside

crypto map XXXMap 2 match address outside_cryptomap_4
crypto map XXXMap 2 set peer test-WG
crypto map XXXMap 2 set transform-set ESP-3DES-SHA
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top