Site to Site VPN

Unanswered Question
Oct 28th, 2007


I have spent days on this and I am at a loss; I cannot get this tunnel up.

Two 837 Routers at remote sites, customer wants VPN between sites.

I followed the tutorials, I turn on the debugs and ping from each site, yet I see absolutely nothing happening on either.

crypto isakmp key 0 MYKEY address XXX.248.2.94 no-xauth
crypto map SDM_CMAP_1 4 ipsec-isakmp
 set peer XXX.248.2.94
 set transform-set SDM_TRANSFORMSET_1
 match address 104
access-list 104 permit ip
access-list 106 deny ip

SDM_CMAP_1 assigned to dialer

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2

Both sides are a mirror, yet I cannot see any activity at all. I can ping each router's outside.

I appreciate any help, thanks

Jon Marshall Mon, 10/29/2007 - 01:14


It would help if you could post full configs in case NAT is an issue, but the first thing to note is: what is access-list 106?

Each side should mirror each other generally, but your access-lists that define interesting traffic need to be flipped, i.e.

on router1

access-list 104 permit ip

on router 2

access-list 106 permit ip

However, I can't tell whether this is an issue as you have only posted partial configs. Could you post full configs please.


waddy1971 Wed, 10/31/2007 - 05:30

Hello, your suggestion saying it was NAT or ACL pointed me in the right direction. I reworked them and followed a Cisco Doc.

Cisco Document ID: 14144

It did the trick, but, I still do not understand why all the other tunnels work fine on the router and just this one has NAT issues...

Thanks for the help.
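
Added example, not part of the thread and not taken from the Cisco document: a small Python check for the two causes discussed above, crypto ACLs that are not flipped between peers and VPN traffic that is not exempted from NAT. The subnets, the Dialer0 interface and the use of ACL 106 as the NAT list are assumptions made for the sample configs; the thread's own ACL entries are elided.

```python
import re

ACE = re.compile(r"access-list (\d+) (permit|deny) ip "
                 r"(any|[\d.]+ [\d.]+) (any|[\d.]+ [\d.]+)")

def aces(cfg, acl):
    """Ordered (action, src, dst) entries of one numbered extended ACL."""
    return [(m[2], m[3], m[4]) for m in ACE.finditer(cfg) if m[1] == acl]

def acl_ref(cfg, pattern):
    """ACL number referenced by a config line, or None if absent."""
    m = re.search(pattern, cfg, re.M)
    return m[1] if m else None

def check_side(local, remote):
    """Findings for `local`, given the peer's config `remote`."""
    findings = []
    crypto = r"^\s*match address (\d+)"
    mine = [(s, d) for a, s, d in aces(local, acl_ref(local, crypto)) if a == "permit"]
    peer = [(d, s) for a, s, d in aces(remote, acl_ref(remote, crypto)) if a == "permit"]
    if sorted(mine) != sorted(peer):
        findings.append("crypto ACL is not the flipped image of the peer's")
    nat = aces(local, acl_ref(local, r"^ip nat inside source list (\d+)"))
    for src, dst in mine:
        # First matching NAT entry wins. Simplification: only exact
        # matches and "<src> any" are recognised, not subnet overlap.
        hit = next((a for a, s, d in nat if s == src and d in (dst, "any")), None)
        if hit == "permit":
            findings.append(f"{src} -> {dst} is NATed before encryption")
    return findings

def sample(lan, far, exempt=True, flip=False):
    """Constructed config; subnets and Dialer0 are made-up sample values."""
    src, dst = (far, lan) if flip else (lan, far)
    deny = f"access-list 106 deny ip {lan} {far}\n" if exempt else ""
    return (f"access-list 104 permit ip {src} {dst}\n{deny}"
            f"access-list 106 permit ip {lan} any\n"
            "crypto map SDM_CMAP_1 4 ipsec-isakmp\n match address 104\n"
            "ip nat inside source list 106 interface Dialer0 overload\n")

A, B = "10.1.1.0 0.0.0.255", "10.2.2.0 0.0.0.255"
if __name__ == "__main__":
    print(check_side(sample(A, B), sample(B, A)))                # healthy pair
    print(check_side(sample(B, A, flip=True), sample(A, B)))     # ACL copied, not flipped
    print(check_side(sample(B, A, exempt=False), sample(A, B)))  # no NAT exemption
```

On IOS, inside-to-outside traffic is translated before the crypto map is evaluated, so a packet that has been NATed no longer matches the crypto ACL and never triggers ISAKMP, which is consistent with seeing no debug output at all.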

