VPN 2811 to 3005

- P
- PabloFiasko
  
  Contact options for registered users
posted
17 years ago

Thu, Jun 16, 2005 9:58 AM

Hi,

I have a running 3005 concentrator and I am about to test a 2811. I configure a VPN on both sides but I do not get it up and running. When I use the "test tunnel" feature in SDM it first tells me tunnel is down and then stages thru all tasks successfully asking me then for some addresses of the local and remote lan and then it ends up in "peer not responding". On the 3005 I see log entries "Tunnel rejected: Policy not found for Src:x.x.x.x, Dst: x.y.y.y!" Strange thing - the dst addy here is nowhere configured - neither on the 3005 nor on the

2811. Where does it come from? Has anybody got an idea what is going on here or is there a document referencing an example config? Thx

Loading thread data ...

- W
- Walter Roberson
  
  Contact options for registered users
posted
17 years ago

Thu, Jun 16, 2005 3:40 PM

In article , PabloFiasko wrote: :I have a running 3005 concentrator and I am about to test a 2811. I :configure a VPN on both sides but I do not get it up and running.

:On the 3005 I see log entries "Tunnel rejected: :Policy not found for Src:x.x.x.x, Dst: x.y.y.y!" Strange thing - the :dst addy here is nowhere configured - neither on the 3005 nor on the :2811. Where does it come from?

I'm not particularily familiar with the workings of the 3005 Concentrator.

On the PIX or under IOS, when you configure EzVPN or vpdn, you usually nominate an ip address pool to allocate the IPs out of; if you do not specifically configure one for the link, then at least under IOS it will use a handy ip address pool, even if there is no explicit reference to that pool. If you have only a dhcp pool, it might even use that [not something I've tested.]

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.