Publication Date: 2016-04-15 | Author: SU1001299054 | Document ID: EKB1000114675
After checking the configuration of this site, we found that the customer permits all IP traffic in ACL 3999, which is used for the IPsec policy:
#
acl name p_Ethernet0/0/0_1 3998
rule 5 permit ip
#
ipsec proposal p_to_p_vpn1
esp authentication-algorithm sha1
esp encryption-algorithm 3des
#
ike proposal 1
encryption-algorithm 3des-cbc
dh group2
authentication-algorithm sha1
prf hmac-sha2-256
#
ike peer p_to_p_vpn1 v1
pre-shared-key cipher %^%#XeyNW1QmUWl}t\1ttQ4)D]nS%Zs8.$Av:wUPEO67%^%#
ike-proposal 1
local-id-type name
nat traversal
remote-address 10.1.10.25
#
ipsec policy p_to_p_vpn 1 isakmp
security acl 3998
ike-peer p_to_p_vpn1
proposal p_to_p_vpn1
#
interface Vlanif1
ip address 192.168.2.1 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
#
interface Ethernet0/0/0
undo portswitch
tcp adjust-mss 1460
ip address 10.1.10.99 255.255.255.0
ipsec policy p_to_p_vpn
nat outbound 2999
#
After the ACL was corrected to match the customer's environment, the issue was solved. Because the original setting also covered the flow from 10.1.10.99 to 10.1.10.25, the ping was affected by the original setting.
#
acl number 3998
rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
#
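The following check is an added example, not part of the original case: it parses a trimmed, constructed excerpt of the configuration above and tests whether the ping between the tunnel endpoints (10.1.10.99 to 10.1.10.25) is selected by the IPsec security ACL before and after the fix. The function names are hypothetical, and the matcher assumes first-match evaluation of `permit`/`deny ip` rules with wildcard masks only.

```python
import ipaddress
import re

# Constructed excerpts of the page's configuration: original and corrected ACL.
ORIGINAL = """\
acl name p_Ethernet0/0/0_1 3998
rule 5 permit ip
#
ipsec policy p_to_p_vpn 1 isakmp
security acl 3998
#
"""
FIXED = ORIGINAL.replace("rule 5 permit ip\n",
    "rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255\n")

def parse_acls(config):
    """Return {acl_number: [(action, src, dst)]}; src/dst are (base, wildcard) or None."""
    acls, current = {}, None
    for line in map(str.strip, config.splitlines()):
        head = re.match(r"acl (?:name \S+ |number )(\d+)$", line)
        rule = re.match(r"rule \d+ (permit|deny) ip(.*)$", line)
        if head:
            current = acls.setdefault(head.group(1), [])
        elif line == "#":
            current = None
        elif rule and current is not None:
            src = re.search(r"source (\S+) (\S+)", rule.group(2))
            dst = re.search(r"destination (\S+) (\S+)", rule.group(2))
            current.append((rule.group(1), src and src.groups(), dst and dst.groups()))
    return acls

def wildcard_match(addr, spec):
    """True if addr matches (base, wildcard); a rule with no spec matches any address."""
    if spec is None:
        return True
    a, base, wild = (int(ipaddress.IPv4Address(x)) for x in (addr, *spec))
    return ((a ^ base) & ~wild & 0xFFFFFFFF) == 0

def protected(config, src, dst):
    """True if the first matching rule of the policy's security ACL permits src -> dst."""
    acls = parse_acls(config)
    for num in re.findall(r"^security acl (\d+)$", config, re.M):
        for action, s, d in acls.get(num, []):
            if wildcard_match(src, s) and wildcard_match(dst, d):
                return action == "permit"
    return False

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, protected(cfg, "10.1.10.99", "10.1.10.25"))
```

With the original rule the endpoint-to-endpoint flow is pulled into the tunnel selector; with the corrected rule only traffic from 192.168.2.0/24 to 192.168.1.0/24 is.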