Hi folks,
Two months ago we implemented a DRP network in a branch office. The connection between the main office and the branch one is done with a site-to-site IPSec VPN.
Here is the global schema :
VPN
Everything was ok until I tried to connect to the F0/0 IP of the remote VPN router (VPN-2). Thus, I was unable to get connected.
I checked ACLs, routes, … everything is ok.
Being connected on the VPN-2 (indirectly connected), I tried to telnet back to the 192.168.1.1 machine, then I got a Host unreachable error.
Strange, routes are ok (a default route exists throughout the ISP router)… The error suggests there is no route to the host, so I added an explicit route on VPN-2 indicating the ISP router as the gateway to connect to the 192.168.1.0/24 network.
ip route 192.168.1.0 255.255.255.0 A.B.C.D
As expected, this solved the problem.
After this, I thought why the default route wasn’t been used ?
My suggestion :
192.168.1.0/24 is a RFC1918 network and may be the IOS default route doesn’t hundle these networks.
Your comments are welcome.
Capcorne's Blog 