Solved: access two segment via vpn

leungcm · ‎08-01-2007

Hi,

We find that we can ping 192.168.100.0 segment but we cannot ping 192.168.101.0 segment in HK. how can we access two segment in HK via VPN? please advise

enclosed the config for your refer.

------

hk

!

crypto isakmp key owt address 203.x.x.x

crypto map mymap 104 ipsec-isakmp

description VPN from 192.168.31.0 segment to tw 192.168.100.0/23 segment

set peer 203.x.x.x

set transform-set myset

match address 104

access-list 104 permit ip 192.168.31.0 0.0.0.255 192.168.100.0.0 0.0.1.255

----

tw

! 192.168.100.1

crypto isakmp key owt address 200.x.x.x

crypto map mymap 104 ipsec-isakmp

description VPN to to hk

set peer 200.x.x.x.

set transform-set myset

match address 104

access-list 104 permit ip 192.168.100.0 0.0.1.255 192.168.31.0 0.0.0.255

interface GigabitEthernet0/1

ip address 192.168.100.1 255.255.255.0

interface GigabitEthernet0/2

ip address 192.168.101.1 255.255.255.0

Jon Marshall · ‎08-01-2007

Hi

Just add an extra line to your crypto access-list ie.

hk

access-list 104 permit ip 192.168.31.0 0.0.0.255 192.168.101.0.0 0.0.1.255

tw

access-list 104 permit ip 192.168.101.0 0.0.1.255 192.168.31.0 0.0.0.255

HTH

Jon

View solution in original post

Jon Marshall · ‎08-01-2007

Hi

Just add an extra line to your crypto access-list ie.

hk

access-list 104 permit ip 192.168.31.0 0.0.0.255 192.168.101.0.0 0.0.1.255

tw

access-list 104 permit ip 192.168.101.0 0.0.1.255 192.168.31.0 0.0.0.255

HTH

Jon

leungcm · ‎08-01-2007

thank, it is working