Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Nickel

Remote Access VPN users cannot access 3rd Party site via S2S IPSEC

Hi All,

quick scenario on r80.30..

we have RA users connecting to our gateway and given an IP from pool 10.1.1.0/24 that connects to local LAN etc all working as expected.

however trying to get them to connect to a remote site via a s2s on same gateway which is not working.

vpnuser----<ra vpn>-->---RA_Gateway----<s2s vpn> --->---3rd party

error in logs : Action: reject   

                         Reject Category - IKE failure,

                         Encryption Failure: Error Occurred

remote s2s network 10.31.31.0/24

On remote access vpn community we have our VPN gateway as participating gateway only (not sure if i need to add 3rd party remote gateway's interoperable object to here?)

encryption domains are good as far as i can tell..

any ideas?

thanks in advance

 

0 Kudos
3 Replies
Highlighted
Admin
Admin

Does the encryption domain on the Remote end include the Office Mode IPs?
0 Kudos
Highlighted
Nickel

Hi,
I've been told they do.. but i am sceptical. have requested a tshoot session with remote party to verify and confirm.
will update once completed.
regards
0 Kudos
Highlighted
Nickel

quick update.. as suspected.. 3rd party had incorrect subnets defined in their crypto acl (cisco asa) - once resolved problem solved. thanks.