Site to site IPSec VPN: VLAN5 <-> LAN2 interface

I’m trying to set up a tunnel between a VLAN on 1 site and a regular LAN interface on the other site. The tunnel seems to work fine, but I cannot make any connection to the devices.

 

I have tried site to site and vti, both seem to connect, but cannot ping. Tunnel interface between 2 LAN interfaces is no problem, but I need VLAN <-> LAN2.



 

VPN_TEL_LOCAL Left: Subnet: 192.168.5.0

VPN_TEL_REMOTE Left: Subnet: 192.168.10.0

VPN_TEL_LOCAL Right: Subnet: 192.168.10.0

VPN_TEL_REMOTE Right: Subnet: 192.168.5.0


Still no response on both sides. Any help?





All Replies

  • PeterUK
    You want site to site with at least one end nailed-up; the status will show the tunnel is up.

     
  • PeterUK said:
    You want site to site with at least one end nailed-up; the status will show the tunnel is up.

    They are both nailed up, status is also connected, so that's not the problem. I think it's the routing that I cannot get configured well.
  • PeterUK

    If you have set up the Local and remote policy right with a zone for the site to site, then you might need a routing rule.

    Incoming Interface
    member LAN/ge
    destination the remote subnet
    next hop
    type VPN Tunnel
    tunnel your zone for the site to site

    Then a firewall for LAN to zone site to site


  • WJS
    edited January 2022
    What about your Security Policy? Have you allowed the traffic?
    Also, please check there is no "Source Network Address Translation" applied.
