Site-to-Site VPN allows only one connection

Unanswered Question
Mar 2nd, 2007

hi

i have a 2600 series router and 4 1760 routers. i configured the 4 1760 routers to connect to my 2600 router. my configuration is a Site-to-Site VPN. the problem is that although i have same configuration for VPN connection on 4 remote routers only one has a success connection to my 2600.

any help is greatly appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Danilo Dy Fri, 03/02/2007 - 20:32

Maybe the other 3 sites has a dynamic IP Address assignment on their WAN interface provided by your ISP? If all site IP Addresses in WAN Interface is static, your configuration should be similar to the sample below;

Office Router WAN Public IP Address = a.b.c.2, Gateway = a.b.c.1

Remote Office1 Router WAN Interface Public IP Address = d.e.f.2, Gateway d.e.f.1

Remote Office2 Router WAN Interface Public IP Address = g.h.i.2, Gateway g.h.i.1

Remote Office3 Router WAN Interface Public IP Address = j.k.l.2, Gateway j.k.l.1

Office network = 10.0.0.0/8

Remote Office1 network = 192.168.1.0/24

Remote Office2 network = 192.168.2.0/24

Remote Office3 network = 192.168.3.0/24

NOTE: If the remote offices ip address for wan_interface_facing_internet is dynamic, let me know.

1. Office

!

ip subnet-zero

!

crypto isakmp policy 3

authentication pre-share

!

crypto isakmp key neo address d.e.f.2 no-xauth

crypto isakmp key trinity address g.h.i.2 no-xauth

crypto isakmp key morpheus address j.k.l.2 no-xauth

!

crypto ipsec transform-set NEB esp-des esp-sha-hmac

!

crypto map TheMatrix 1 ipsec-isakmp

set peer d.e.f.2

set transform-set NEB

set pfs group1

match address 101

crypto map TheMatrix 2 ipsec-isakmp

set peer g.h.i.2

set transform-set NEB

set pfs group1

match address 102

crypto map TheMatrix 3 ipsec-isakmp

set peer j.k.l.2

set transform-set NEB

set pfs group1

match address 103

!

ip classless

ip route 0.0.0.0 0.0.0.0 a.b.c.1

!

access-list 101 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255

access-list 102 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255

access-list 103 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255

!

interface wan_interface_facing_internet

ip address a.b.c.2 255.255.255.252

crypto map TheMatrix

2. Remote Office1

!

ip subnet-zero

!

crypto isakmp policy 3

authentication pre-share

!

crypto isakmp key neo address a.b.c.2 no-xauth

!

crypto ipsec transform-set NEB esp-des esp-sha-hmac

!

crypto map TheMatrix 1 ipsec-isakmp

set peer a.b.c.2

set transform-set NEB

set pfs group1

match address 101

!

ip classless

ip route 0.0.0.0 0.0.0.0 d.e.f.1

access-list 101 permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255

!

interface wan_interface_facing_internet

ip address d.e.f.2 255.255.255.252

crypto map TheMatrix

3. Remote Office2

!

ip subnet-zero

!

crypto isakmp policy 3

authentication pre-share

!

crypto isakmp key trinity address a.b.c.2 no-xauth

!

crypto ipsec transform-set NEB esp-des esp-sha-hmac

!

crypto map TheMatrix 2 ipsec-isakmp

set peer a.b.c.2

set transform-set NEB

set pfs group1

match address 102

!

ip classless

ip route 0.0.0.0 0.0.0.0 g.h.i.1

access-list 102 permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.255.255.255

!

interface wan_interface_facing_internet

ip address g.h.i.2 255.255.255.252

crypto map TheMatrix

4. Remote Office3

!

ip subnet-zero

!

crypto isakmp policy 3

authentication pre-share

!

crypto isakmp key morpheus address a.b.c.2 no-xauth

!

crypto ipsec transform-set NEB esp-des esp-sha-hmac

!

crypto map TheMatrix 3 ipsec-isakmp

set peer a.b.c.2

set transform-set NEB

set pfs group1

match address 103

!

ip classless

ip route 0.0.0.0 0.0.0.0 j.k.l.1

access-list 103 permit ip 192.168.3.0 0.0.0.255 10.0.0.0 0.255.255.255

!

interface wan_interface_facing_internet

ip address j.k.l.2 255.255.255.252

crypto map TheMatrix

Actions

This Discussion