the troubleshooting of “can’t create a VPN connection“

Latest reply: Oct 24, 2014 07:03:52 1668 1 0 0

A configuration fault results the problem "can’t create a VPN connection" form costomers. 

The port  Ethernet0/0/8 has NAT outbound to all IP, then the traffic(ip source 192.168.a.b destination 192.168.c.0

can’t be transferred to IPsec tunnel for its ip address have been also translated  and can’t  match the IPsec ACL 3999.

interface Ethernet0/0/8

tcp adjust-mss 1460

ip address x.y.24.219

ipsec policy branch_vpn

nat outbound 2999



acl name Ethernet0/0/8 2999 

 rule 5 permit



the traffic  should be transferred to IPsec tunnel:

acl name b_Ethernet0/0/8_1 3999 

 rule 5 permit ip source 192.168.a.b destination 192.168.c.0




Modify ACL 2999:

acl name Ethernet0/0/8 3001

rule 5 deny  ip source 192.168.a.b destination 192.168.c.0       

//exclude the traffic should be transferred to IPsec tunnel

rule 10 permit ip

interface Ethernet0/0/8

nat outbound 3001

  • x
  • convention:

Created Oct 24, 2014 07:03:52 Helpful(0) Helpful(0)

thanks fo sharing

  • x
  • convention:


You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits