Internet Security Router User
’s Manual
Chapter 10. Configuring VPN
107
Figure 10.17. Extranet Example
– Inbound ACL Rule on ISR2
10.6.2.4 Establish Tunnel and Verify
„ Start continuous ping from a host on the LAN behind ISR1 to a host on the LAN behind ISR2. The first
few pings would fail. After a few seconds, The host on the LAN behind ISR1 should start getting ping
response.
„ Ping from a host on the LAN behind ISR2 to a host on the LAN behind ISR1. Ping should be
successful.
„ The ping might fail due to any of the following:
„ The IP address of the host on the LAN behind ISR2 used in the ping command may not be correct.
Check and give the correct IP address.
„ Default route is not configured for ISR1 or ISR2. Configure the default routes as necessary.
„ Firewall rules corresponding to VPN connection may not be configured properly. If any of the
network addresses is not correctly configured, correct the parameters and apply the configuration.
„ Local and remote network addresses may not be configured correctly. The network addresses used
in VPN connection rule are 192.168.11.0/255.255.255.0 and 192.168.12.0/255.255.255.0.