10-28-2007 11:44 PM - edited 02-21-2020 03:20 PM
Hello,
I have spent days on this and I am at a loss; I cannot get this tunnel up.
Two 837 routers at remote sites, customer wants VPN between sites.
I followed the tutorials, I turn on the debugs and ping from each site, yet I see absolutely nothing happening on either.
crypto isakmp key 0 MYKEY address XXX.248.2.94 no-xauth
crypto map SDM_CMAP_1 4 ipsec-isakmp
 set peer XXX.248.2.94
 set transform-set SDM_TRANSFORMSET_1
 match address 104
access-list 104 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 106 deny ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
SDM_CMAP_1 assigned to dialer
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
Both sides are a mirror, yet I cannot see any activity at all. I can ping each router's outside.
I appreciate any help, thanks.
10-29-2007 01:14 AM
Hi
It would help if you could post full configs in case NAT is an issue, but the first thing to note is: what is access-list 106?
Each side should mirror each other generally, but your access-lists that define interesting traffic need to be flipped, i.e.
on router1
access-list 104 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
on router 2
access-list 106 permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
However, I can't tell whether this is an issue as you have only posted partial configs. Could you post full configs please?
Jon
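The flipped interesting-traffic ACLs described in the reply above can be checked mechanically before bringing the tunnel up. The script below is an added example, not part of the original thread: the function names and both router 2 snippets are constructed, and it only parses lines of the form `access-list N permit|deny ip <addr> <wildcard> <addr> <wildcard>`.

```python
import ipaddress
import re

# access-list <n> permit|deny ip <src> <wildcard> <dst> <wildcard>
ACL_RE = re.compile(r"access-list\s+(\d+)\s+(permit|deny)\s+ip\s+"
                    r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def to_network(addr, wildcard):
    """Turn an IOS address/wildcard pair into an ip_network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # only contiguous low-order wildcard bits are handled
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - wc.bit_length()}", strict=False)

def permitted_flows(config, acl):
    """Set of (source, destination) networks the ACL marks as interesting."""
    flows = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and int(m.group(1)) == acl and m.group(2) == "permit":
            flows.add((to_network(m.group(3), m.group(4)),
                       to_network(m.group(5), m.group(6))))
    return flows

def mirror_mismatches(local, peer):
    """Flows the peer lacks, and flows the peer has with no local mirror."""
    expected = {(dst, src) for src, dst in local}
    return expected - peer, peer - expected

# Router 1 line is from the thread; both router 2 variants are constructed.
ROUTER1 = "access-list 104 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255"
ROUTER2_COPIED = ROUTER1  # same line pasted on both sides, not flipped
ROUTER2_FLIPPED = "access-list 104 permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255"

def check(local_cfg, peer_cfg, acl=104):
    """Return human-readable findings; an empty list means the ACLs mirror."""
    missing, extra = mirror_mismatches(permitted_flows(local_cfg, acl),
                                       permitted_flows(peer_cfg, acl))
    return [f"peer lacks {s} -> {d}" for s, d in sorted(missing)] + \
           [f"peer has unmatched {s} -> {d}" for s, d in sorted(extra)]

if __name__ == "__main__":
    print(check(ROUTER1, ROUTER2_COPIED))   # two findings
    print(check(ROUTER1, ROUTER2_FLIPPED))  # []
```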
10-31-2007 05:30 AM
Hello, your suggestion saying it was NAT or ACL pointed me in the right direction. I reworked them and followed a Cisco Doc.
Cisco Document ID: 14144
It did the trick, but, I still do not understand why all the other tunnels work fine on the router and just this one has NAT issues...
Thanks for the help.