Your ACL has multiple ACEs right? Does your 2nd subnet have proper routing?
With regards Kings On Sun, Dec 12, 2010 at 9:59 AM, Sidney Spencer <[email protected]> wrote: > I recently updated a spoke router to a 2911. This router reaches back to > my hub ASA 5520 via a VPN connection. I am experiencing a strange issue as > follows: > > The VPN tunnel is established, the encryption domain configured on both > sides are configured with two ACL's both reversed from each other. I can > ping through the tunnel one of the encrypted networks but for some reason i > can not ping the second network. If I do a show crypto ipsec sa peer > xxx.xxx.xxx.xxx on the hub i show show decaps but no encaps . I checked my > nonat and encryption statements on both sides they are accurate, same ACL > just different network as the one that is working. > > ASA is running 8.2(2) code and 2911 is running 15.0 code. > > The thing is I have about 70+ different locations the exact same config > except different model of routers all reaching back to the HUB. This is the > only one experiencing the problem. > > Was wondering if anyone had any thoughts or ran into this issue before. > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
