access two segment via vpn

Answered Question
Aug 1st, 2007

Hi,

We find that we can ping 192.168.100.0 segment but we cannot ping 192.168.101.0 segment in HK. how can we access two segment in HK via VPN? please advise

enclosed the config for your refer.

------

hk

!

crypto isakmp key owt address 203.x.x.x

crypto map mymap 104 ipsec-isakmp

description VPN from 192.168.31.0 segment to tw 192.168.100.0/23 segment

set peer 203.x.x.x

set transform-set myset

match address 104

access-list 104 permit ip 192.168.31.0 0.0.0.255 192.168.100.0.0 0.0.1.255

----

tw

! 192.168.100.1

crypto isakmp key owt address 200.x.x.x

crypto map mymap 104 ipsec-isakmp

description VPN to to hk

set peer 200.x.x.x.

set transform-set myset

match address 104

access-list 104 permit ip 192.168.100.0 0.0.1.255 192.168.31.0 0.0.0.255

interface GigabitEthernet0/1

ip address 192.168.100.1 255.255.255.0

interface GigabitEthernet0/2

ip address 192.168.101.1 255.255.255.0

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 9 years 4 months ago

Hi

Just add an extra line to your crypto access-list ie.

hk

access-list 104 permit ip 192.168.31.0 0.0.0.255 192.168.101.0.0 0.0.1.255

tw

access-list 104 permit ip 192.168.101.0 0.0.1.255 192.168.31.0 0.0.0.255

HTH

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Wed, 08/01/2007 - 02:29

Hi

Just add an extra line to your crypto access-list ie.

hk

access-list 104 permit ip 192.168.31.0 0.0.0.255 192.168.101.0.0 0.0.1.255

tw

access-list 104 permit ip 192.168.101.0 0.0.1.255 192.168.31.0 0.0.0.255

HTH

Jon

Actions

This Discussion