Hi, I cannot get the routing between two IPsec-connected networks working.
The setup looks like this:

(192.168.x.x/16)

  NET A (.150/24)          NET B (.253/24)
        |                        |
        |                        |
        -- -- NET C (.3/24) -- --
                    |
                    |
              NET D (.1/24)

I get the following error message when trying to ping from a host in Net B to Net A:

*Mar 27 10:47:41.219: IP: s=192.168.253.1 (Dialer0), d=192.168.150.1 (Dialer0), len 84, crypto map check failed.

At the same time, traffic flows fine back and forth between Net D to A and B. Basically I want to route all connected 192.168.x.x/16 networks between the sites.
I'm suspecting it's somewhere in the access lists?

#sho ip access-lists
Standard IP access list 1
    10 permit 192.168.3.0, wildcard bits 0.0.0.255 (128 matches)
    20 permit 192.168.0.0, wildcard bits 0.0.255.255 (26 matches)
    40 deny any log (7 matches)
Extended IP access list NET_A
    10 permit ip 192.168.150.0 0.0.0.255 192.168.0.0 0.0.255.255 (1 match)
    20 permit ip 192.168.0.0 0.0.255.255 192.168.150.0 0.0.0.255 (193586 matches)
Extended IP access list NET_B
    10 permit ip 192.168.253.0 0.0.0.255 any (9493 matches)
    20 permit ip 192.168.0.0 0.0.255.255 192.168.253.0 0.0.0.255 (151845 matches)
Extended IP access list NO_NAT_DEST
    10 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
    30 permit ip any any

The remote peers are using a dynamic-map like this one:

crypto dynamic-map DYNMAP-1 1
 description dynamic cryptomap 1
 set transform-set IPSEC-Set
 match address NET_B
 reverse-route remote-peer

Could someone point out to me where I fouled up?
Many TIA! Dirk
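
Added example, not part of the original post: a small Python check that tests the flow from the debug line against every entry of the extended ACLs NET_A and NET_B from the output above, using Cisco wildcard-mask matching. The function names and the Net D host address 192.168.1.10 are constructed for illustration.

```python
import ipaddress

# Entries transcribed from the "sho ip access-lists" output in the post:
# (acl, seq, action, src, src_wildcard, dst, dst_wildcard)
# "any" is written out as 0.0.0.0 255.255.255.255.
ACL_ENTRIES = [
    ("NET_A", 10, "permit", "192.168.150.0", "0.0.0.255", "192.168.0.0", "0.0.255.255"),
    ("NET_A", 20, "permit", "192.168.0.0", "0.0.255.255", "192.168.150.0", "0.0.0.255"),
    ("NET_B", 10, "permit", "192.168.253.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),
    ("NET_B", 20, "permit", "192.168.0.0", "0.0.255.255", "192.168.253.0", "0.0.0.255"),
]


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; all other bits must equal base."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def matching_entries(src, dst, entries=ACL_ENTRIES):
    """Return (acl, seq) for every entry whose selectors cover src -> dst."""
    return [
        (acl, seq)
        for acl, seq, _action, s, sw, d, dw in entries
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)
    ]


def acls_hit(src, dst):
    """Names of the distinct ACLs that have at least one matching entry."""
    return sorted({acl for acl, _seq in matching_entries(src, dst)})


if __name__ == "__main__":
    flows = [
        ("192.168.253.1", "192.168.150.1"),  # flow from the debug line (Net B -> Net A)
        ("192.168.150.1", "192.168.253.1"),  # return direction
        ("192.168.1.10", "192.168.150.1"),   # constructed Net D host -> Net A
    ]
    for src, dst in flows:
        print(f"{src} -> {dst}: {matching_entries(src, dst)}")
```

For the Net B to Net A flow, both NET_A and NET_B contain a matching entry, while the constructed Net D flow matches an entry in NET_A only.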