
Site to Site VPN

waddy1971
Level 1

Hello,

I have spent days on this and I am at a loss; I cannot get this tunnel up.

Two 837 Routers at remote sites, customer wants VPN between sites.

I followed the tutorials, I turn on the debugs and ping from each site, yet I see absolutely nothing happening on either.

crypto isakmp key 0 MYKEY address XXX.248.2.94 no-xauth

crypto map SDM_CMAP_1 4 ipsec-isakmp

set peer XXX.248.2.94

set transform-set SDM_TRANSFORMSET_1

match address 104

access-list 104 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 106 deny ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255

SDM_CMAP_1 assigned to dialer

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

Both sides are a mirror, yet I cannot see any activity at all. I can ping each router's outside.

I appreciate any help, thanks

2 Replies

Jon Marshall
Hall of Fame

Hi

It would help if you could post full configs in case NAT is an issue, but the first thing to note is: what is access-list 106?

Each side should mirror each other generally, but your access-lists that define interesting traffic need to be flipped, i.e.

on router 1

access-list 104 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255

on router 2

access-list 106 permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255

However, I can't tell whether this is an issue as you have only posted partial configs. Could you post full configs please?

Jon
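
Added example, not part of Jon's reply or of either router's configuration: a small offline check that the interesting-traffic ACLs referenced by `match address` on two IOS configs are flipped copies of each other, as the reply above describes. The sample configs are constructed from the thread's subnets, and the parser assumes numbered ACLs with plain `permit ip <net> <wildcard> <net> <wildcard>` entries only (no `host`, `any` or named ACLs).

```python
import re

# Constructed sample configs; only the lines relevant to the check are included.
ROUTER1 = """\
crypto map SDM_CMAP_1 4 ipsec-isakmp
 match address 104
access-list 104 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
"""
ROUTER2_OK = """\
crypto map SDM_CMAP_1 4 ipsec-isakmp
 match address 106
access-list 106 permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
"""
# Same ACL copied without flipping source and destination (the mistake to catch).
ROUTER2_BAD = ROUTER2_OK.replace(
    "192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255",
    "192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255")

ACE = re.compile(r"^access-list (\d+) permit ip (\S+) (\S+) (\S+) (\S+)\s*$", re.M)
MATCH = re.compile(r"^\s*match address (\d+)\s*$", re.M)

def crypto_entries(config):
    """Permit entries (src, src_wild, dst, dst_wild) of ACLs used by a crypto map."""
    acl_ids = set(MATCH.findall(config))
    return {tuple(m[1:]) for m in ACE.findall(config) if m[0] in acl_ids}

def mirror_mismatches(local_cfg, remote_cfg):
    """Return (missing_on_remote, unexpected_on_remote) relative to the flipped local ACL."""
    local = crypto_entries(local_cfg)
    remote = crypto_entries(remote_cfg)
    expected = {(d, dw, s, sw) for (s, sw, d, dw) in local}
    return sorted(expected - remote), sorted(remote - expected)

if __name__ == "__main__":
    for name, cfg in (("mirrored", ROUTER2_OK), ("not flipped", ROUTER2_BAD)):
        missing, extra = mirror_mismatches(ROUTER1, cfg)
        print(name, "-> missing on remote:", missing, "| unexpected on remote:", extra)
```
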

Hello, your suggestion saying it was NAT or ACL pointed me in the right direction. I reworked them and followed a Cisco Doc.

Cisco Document ID: 14144

It did the trick, but, I still do not understand why all the other tunnels work fine on the router and just this one has NAT issues...

Thanks for the help.
