IPsec S2S VPN with multiple subnets cannot be established



  • Hey,
    has anyone come across an issue like this one:
    S2S IPsec VPN with multiple subnets cannot be established.
    The policy between the zones is configured with the subnet objects.
    Only 1 subnet is passing through.



  • The tunnel goes from an ISG1000 to a Cisco 2800 router.



  • ns5gt-> get conf | i vpn
    set vpn "Corp-Remote" gateway "Remote-Corp" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha" "g2-esp-aes128-sha"
    set vpn "Corp-Remote" id 10 bind interface tunnel.1
    set vpn "Corp-Remote" proxy-id local-ip 1.1.1.0/24 remote-ip 1.1.2.0/24 "ANY"

    Need to check both sides. Turn on logging - are the attempts to the other nets getting logged?

    If you cannot summarize the nets in the proxy-id, you might consider going to a route-based S2S.
    The proxy-ids are optional in a Netscreen-Netscreen route-based VPN.
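    A small helper for the proxy-id check discussed above, added here as an example and not from the thread or from ScreenOS itself: it lists which local/remote subnet pairs a single proxy-id (phase-2 traffic selector) actually covers, works out the summary prefix that would cover all of a policy's subnets, and shows what extra address space that summary would admit. Only 1.1.1.0/24 and 1.1.2.0/24 come from the post; the other subnets are constructed.

```python
"""Proxy-id coverage check for a policy-based IPsec S2S VPN (added example)."""
import ipaddress
from typing import Iterable, List, Tuple


def pairs_covered(proxy_local: str, proxy_remote: str,
                  local_nets: Iterable[str], remote_nets: Iterable[str]
                  ) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Return (covered, uncovered) local/remote subnet pairs.

    A pair is carried by the phase-2 SA only if both its local and remote
    subnet lie inside the proxy-id negotiated for that SA; the uncovered
    pairs are the ones whose traffic never matches the tunnel.
    """
    pl, pr = ipaddress.ip_network(proxy_local), ipaddress.ip_network(proxy_remote)
    covered, uncovered = [], []
    for loc in local_nets:
        for rem in remote_nets:
            ln, rn = ipaddress.ip_network(loc), ipaddress.ip_network(rem)
            if ln.subnet_of(pl) and rn.subnet_of(pr):
                covered.append((loc, rem))
            else:
                uncovered.append((loc, rem))
    return covered, uncovered


def summary_proxy_id(nets: Iterable[str]) -> str:
    """Smallest single prefix containing every subnet in nets."""
    objs = [ipaddress.ip_network(n) for n in nets]
    summary = objs[0]
    while not all(o.subnet_of(summary) for o in objs):
        summary = summary.supernet()
    return str(summary)


def summary_excess(nets: Iterable[str]) -> List[str]:
    """Ranges the summary prefix would admit that are not in nets (review them)."""
    objs = [ipaddress.ip_network(n) for n in nets]
    remaining = [ipaddress.ip_network(summary_proxy_id(objs_str := [str(o) for o in objs]))]
    for o in objs:
        nxt = []
        for r in remaining:
            nxt.extend(r.address_exclude(o) if o.subnet_of(r) else [r])
        remaining = nxt
    return sorted(str(r) for r in remaining)


if __name__ == "__main__":
    # Constructed policy: two local subnets, the proxy-id from the post covers one.
    print(pairs_covered("1.1.1.0/24", "1.1.2.0/24",
                        ["1.1.1.0/24", "1.1.3.0/24"], ["1.1.2.0/24"]))
    print(summary_proxy_id(["1.1.1.0/24", "1.1.3.0/24"]),
          summary_excess(["1.1.1.0/24", "1.1.3.0/24"]))
```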



  • Policy-based. All routes and policies checked.
    How can I verify the subnets in the proxy-id?



  • Policy-based or route-based? Policy OK? Routes OK?
    Subnets included in the proxy-id?

