Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Explorer

VPN LAN to LAN to 1490 is up but not working

Hello,

  I am configuring a L2L between a CP 1490 and a 5000 box. I am pretty sure the problem lies on the 1490, because we have quite a few tunnels on the 5000 that work just fine -and this is my first time with a 1490 so I might be missing something there.

 

   When I check on the 1490, it says the tunnel is up -I can see the same in the 5000. The logs in the 5000 shows the packets get encrypted and sent on its way.

 

Checking the logs on the 1490 I see the key gets installed, but I also see this:

IKE failure: Child SA exchange: Received notification from peer: Traffic selectors unacceptable

 

Are any routes needed in the 1490 for the subnets on the other side? Since this is a Policy-based L2L I guess they are not but I am trying to make sure I am not missing anything.

 

Thanks,

  //Anibal

0 Kudos
Reply
3 Replies
Leader
Leader

EncDom mismatch - check Encryption Domain membership on both ends and make sure you've got a proper cross-routing in place, otherwise you may need to look into this --sk86582--
Jerry
0 Kudos
Reply
Explorer

Hello,

  the encryption domain in the hub CP is system-wide, and all I've got for this community is the only subnet on the remote side (1490).

On the remote side, I am defining the remote subnets manually, matching two of the subnets in the hub. The local encryption domain includes the only LAN subnet.

 

I've read the SK you posted about VPN routing -in the hub, I am only routing through the center. Is there such an option in the 1490?

 

//Anibal

0 Kudos
Reply
Leader
Leader

0 Kudos
Reply