RTRC is protected by NAT, so RTRA can't access RTRC
directly. This is
by design. RTRC is an internal router in a NAT'd network.
RTRA can
ping RTRC, which is as far as it can get because of the NAT.
RTRC can
ping RTRA through the NAT translation.
I think I have this resolved. I believe the issue is that I
needed a
route sending traffic from RTRA to RTRC out the ethernet
interface. I
guess this is then caught by the crypto map, encrypted, and
send
through the IPSEC tunnel. The docs I've read seem to omit
this step
as they assume full connectivity, but such a thing isn't
possible when
you're routing to a private network over the Internet.
Seems the
route needs to be there, anyhow.
On Sat, Mar 29, 2008 at 4:52 AM, awais hassan wrote:
> hi,
>
> first of all i think prior any kind of tunnel
establishment wether it is
GRE
> or IPSEC,firt make sure your end to end
connctivity.mean RTRA and RTRC
> should access eachother.once u do this then comes
about securing the link
> with GRE or IPSEC.it would be alot easier for someone
to suggest a
solution
> or troubleshoot the existing one after u deal with the
end to end
> connectivity.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7
&i=130775&t=130744
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.
groupstudy.com/list/cisco.html
|