DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Lan to Lan VPN

  • willow
  • Topic Author
  • User
07 Feb 2018 10:32 #1 by willow
Lan to Lan VPN was created by willow
Hi

We have just swapped out to a 3900 and are having problems with setting up Site to Site VPNs.

We have our main network 172.16.0.0 / 24 and attached to that we have an additional subnet on this LAN of 192.168.1.0 / 24 which has a site to site VPN set up with 192.168.0.1 / 24 (we can't stipulate the ranges on our side; they are defined by a third party, and we don't want to go through the hassle of readdressing everything. We also need to have several of these for different VPNs, all stipulating different local ranges).

The Site to Site VPN works great and if I allocate my PC into the 172.16.1.1 range I can see the machines on the other side of the tunnel and everything works as you would expect. What I can't do, however, is access the 192.168.0.1 range from the main subnet (172.16.0.0). I can ping and access the router on the local side (192.168.1.1) as well as anything in that subnet, but I can't access anything on the remote side of the tunnel. I can't add any static routes for 192.168.1.1 / 24 as it just tells me it's already overlapping and refuses to play ball (which also suggests it's a firewall, not a routing issue). I've added every type of static / dynamic routing policy I can think of and every firewall policy I can think of to allow traffic; however, I just can't get it to route traffic over the VPN.

Is there anything I'm missing? I have even tried setting it up as a brand new (separate) VLAN with the same results.


  • arlan
  • User
18 Mar 2018 14:33 #2 by arlan
Replied by arlan on topic Re: Lan to Lan VPN
I have been having similar problems and would suggest that you entirely disable, even remove, all your firewalls and similar and re-test. I know that may sound like a drastic and bad solution, but from personal experience it can often make it possible to diagnose the problem right away and save weeks of frustration. Some firewalls, e.g. Comodo, attach a filter to the network adapters which continues to block connections even after things have been explicitly allowed.
