this is a complex situation that requires that you fly me out your way and pay my stay at a five star hotel and full salary plus travel bonus for the 6 to 8 weeks it will take me to solve the problem :->
-- TANSTAAFL "there ain't no such thing as a free lunch" ""John Brandis"" wrote in message news:[EMAIL PROTECTED] > Hi All, I am sure one of you will see the problem and be able to offer a > solution. > > I have 2 organisations here, one in Australia the other in NZ. In Australia, > we have a hub and spoke point to multi-point config from the hubs > perspective. I run OSPF and have all sites in area 0 (yes I know i should > break this up so that each region forms its own area, but why at this time > ??) > > My problem, which only started this morning at 5am when the tech in NZ and I > decided to up the encryption settings on the VPN, I think is related to > routing, or related to a crypto map error. In Sydney, I use a cisco 3005 > whilst the office initiating the IPSEC connection uses a little Watchguard > box. Until this morning it was simple, I could see his local lan behind the > remote peer, and he could see my local networks, but not the office's on my > WAN (by design). The goal of this morning was to permit NZ to be able to see > all networks in Australia. We dont yet run a nice continuos IP scheme here > (yet), so each network had to be delcared line by line rather than a nice > summary. We implemented this network by network. I enabled my NZ counterpart > access to the Australian hub site and one of the spokes. Thats when the > problem started. We tried to put the next spoke site network list in the > list of availiable networks, then it all fell to bits. The problem now is > that the guy in NZ can ping my spoke sites routers, however from these spoke > sites I cant ping him. I trace the packet, and watch it hop through my > network with the last hop being the 3005 VPN concentrator that connects NZ > to us. From there it times out...From my desk in the hub site in Australia, > I can ping both the spoke site, and the NZ techs PC. So at this stage I can > confirm that the route that works from sydney to NZ, has been redistributed > via OSPF to my spoke sites, however it just does not appear to get through > the tunnel, however the guy in NZ says he has 100% ping to my spoke sites. > > Could any one suggest where a possible problem could be ? > > I can see IPSEC tunnels for the various networks and I can see traffic going > across them, however I have no idea why I cant access anything across the > VPN from my spoke sites. The NZ guy said all traffic from Australia has a > permit statement. I can only see the problem as access-list like problem on > his end, as we had this working for the central site here (hub site) and for > one of the spoke sites until we added more. > > Would appreciate any help. > > Thanks all > > Johnny b > > > ********************************************************************** > > visit http://www.solution6.com > > UK Customers - http://www.solution6.co.uk > > ********************************************************************** > > The Solution 6 Head Office and NSW Branch has moved premises. > Please make sure you have updated your records with our new details. > > Level 14, 383 Kent Street, Sydney NSW 2000. > > General Phone: 61 2 9278 0666 > > General Fax: 61 2 9278 0555 > > ********************************************************************** > > This email message (and attachments) may contain information that is > confidential to Solution 6. If you are not the intended recipient you cannot > use, distribute or copy the message or attachments. In such a case, please > notify the sender by return email immediately and erase all copies of the > message and attachments. Opinions, conclusions and other information in > this message and attachments that do not relate to the official business of > Solution 6 are neither given nor endorsed by it. > > ********************************************************************* Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64307&t=64301 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
