access two segment via vpn

Answered Question
Aug 1st, 2007
User Badges:

Hi,


We find that we can ping 192.168.100.0 segment but we cannot ping 192.168.101.0 segment in HK. how can we access two segment in HK via VPN? please advise


enclosed the config for your refer.

------

hk

!

crypto isakmp key owt address 203.x.x.x


crypto map mymap 104 ipsec-isakmp

description VPN from 192.168.31.0 segment to tw 192.168.100.0/23 segment

set peer 203.x.x.x

set transform-set myset

match address 104


access-list 104 permit ip 192.168.31.0 0.0.0.255 192.168.100.0.0 0.0.1.255


----

tw


! 192.168.100.1

crypto isakmp key owt address 200.x.x.x


crypto map mymap 104 ipsec-isakmp

description VPN to to hk

set peer 200.x.x.x.

set transform-set myset

match address 104


access-list 104 permit ip 192.168.100.0 0.0.1.255 192.168.31.0 0.0.0.255


interface GigabitEthernet0/1

ip address 192.168.100.1 255.255.255.0

interface GigabitEthernet0/2

ip address 192.168.101.1 255.255.255.0


Correct Answer by Jon Marshall about 9 years 8 months ago

Hi


Just add an extra line to your crypto access-list ie.


hk


access-list 104 permit ip 192.168.31.0 0.0.0.255 192.168.101.0.0 0.0.1.255


tw


access-list 104 permit ip 192.168.101.0 0.0.1.255 192.168.31.0 0.0.0.255


HTH


Jon


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Wed, 08/01/2007 - 02:29
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


Just add an extra line to your crypto access-list ie.


hk


access-list 104 permit ip 192.168.31.0 0.0.0.255 192.168.101.0.0 0.0.1.255


tw


access-list 104 permit ip 192.168.101.0 0.0.1.255 192.168.31.0 0.0.0.255


HTH


Jon


Actions

This Discussion