I can solve that issue with 4 stars ----- Original Message ----- From: "The Long and Winding Road" To: Sent: Monday, March 03, 2003 9:04 PM Subject: Re: Bizzare Routing/VPN Issue [7:64301]
> this is a complex situation that requires that you fly me out your way and > pay my stay at a five star hotel and full salary plus travel bonus for the 6 > to 8 weeks it will take me to solve the problem :-> > > -- > TANSTAAFL > "there ain't no such thing as a free lunch" > > > > > ""John Brandis"" wrote in message > news:[EMAIL PROTECTED] > > Hi All, I am sure one of you will see the problem and be able to offer a > > solution. > > > > I have 2 organisations here, one in Australia the other in NZ. In > Australia, > > we have a hub and spoke point to multi-point config from the hubs > > perspective. I run OSPF and have all sites in area 0 (yes I know i should > > break this up so that each region forms its own area, but why at this time > > ??) > > > > My problem, which only started this morning at 5am when the tech in NZ and > I > > decided to up the encryption settings on the VPN, I think is related to > > routing, or related to a crypto map error. In Sydney, I use a cisco 3005 > > whilst the office initiating the IPSEC connection uses a little Watchguard > > box. Until this morning it was simple, I could see his local lan behind > the > > remote peer, and he could see my local networks, but not the office's on > my > > WAN (by design). The goal of this morning was to permit NZ to be able to > see > > all networks in Australia. We dont yet run a nice continuos IP scheme here > > (yet), so each network had to be delcared line by line rather than a nice > > summary. We implemented this network by network. I enabled my NZ > counterpart > > access to the Australian hub site and one of the spokes. Thats when the > > problem started. We tried to put the next spoke site network list in the > > list of availiable networks, then it all fell to bits. The problem now is > > that the guy in NZ can ping my spoke sites routers, however from these > spoke > > sites I cant ping him. I trace the packet, and watch it hop through my > > network with the last hop being the 3005 VPN concentrator that connects NZ > > to us. From there it times out...From my desk in the hub site in > Australia, > > I can ping both the spoke site, and the NZ techs PC. So at this stage I > can > > confirm that the route that works from sydney to NZ, has been > redistributed > > via OSPF to my spoke sites, however it just does not appear to get through > > the tunnel, however the guy in NZ says he has 100% ping to my spoke sites. > > > > Could any one suggest where a possible problem could be ? > > > > I can see IPSEC tunnels for the various networks and I can see traffic > going > > across them, however I have no idea why I cant access anything across the > > VPN from my spoke sites. The NZ guy said all traffic from Australia has a > > permit statement. I can only see the problem as access-list like problem > on > > his end, as we had this working for the central site here (hub site) and > for > > one of the spoke sites until we added more. > > > > Would appreciate any help. > > > > Thanks all > > > > Johnny b > > > > > > ********************************************************************** > > > > visit http://www.solution6.com > > > > UK Customers - http://www.solution6.co.uk > > > > ********************************************************************** > > > > The Solution 6 Head Office and NSW Branch has moved premises. > > Please make sure you have updated your records with our new details. > > > > Level 14, 383 Kent Street, Sydney NSW 2000. > > > > General Phone: 61 2 9278 0666 > > > > General Fax: 61 2 9278 0555 > > > > ********************************************************************** > > > > This email message (and attachments) may contain information that is > > confidential to Solution 6. If you are not the intended recipient you > cannot > > use, distribute or copy the message or attachments. In such a case, > please > > notify the sender by return email immediately and erase all copies of the > > message and attachments. Opinions, conclusions and other information in > > this message and attachments that do not relate to the official business > of > > Solution 6 are neither given nor endorsed by it. > > > > ********************************************************************* Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64318&t=64301 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
