Site-to-Site VPN problems


I have two sites, Site A has a Cisco 877 ( IOS 12.4(15)T7 Security Bundle) and Site B has a 877w ( IOS 12.4(4)T8 ). All sites are on ADSL lines with Demon (UK) as the ISP.

I have set up (using SDM) a site to site VPN using GRE, and can ping machines on both ends of the link OK. But I can only connect to machines (either using VNC or accessing shares) if going from Site A to B. Going from Site B to A fails yet pings are working OK.

I then set up a 3rd Cisco 877 router (same model/version as Site A has), lets call this Site C. This had a site to site VPN (GRE Tunnel) setup for Site A-C. With this you can ping machines on both ends, but cannot access shares or use VNC etc in either direction.

Now this to me points towards a firewall setting that is in the 877 SB routers, but not on a standard 877(w). I just can't see what or find any info that solves/helps the problem. Is this a common error/misconfiguration when using SDM for the configuration? Is there any suggestions as to a solution to get the VPN links working correctly both ways?

Wasn't sure exactly what info people would need to assist, so if someone advises me what info such as the running config, or any output of the show command I can post that info up.



Reply to
Ewan McNab
Loading thread data ...

Hi Check your ACL's.

This may help in debugging ACL's

Set a rule to allow VNC through with logging. Set up a sys log server and monitor

formatting link
Need to to this on both routers

if not sure post configs here


Reply to
peter Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.