Can't generate interesting traffic

pkluss
Level 1

THIS MESSAGE HAS BEEN MOVED TO THE VPN MESSAGE BOARDS. PLEASE RESPOND THERE.

================================================================================

Why does the following config not generate any interesting traffic when I ping 10.40.10.117 from 192.168.100.161?

I have crypto debugging on and there doesn't seem to be any attempt to bring up the tunnel. I would love to hear any insight into this problem.

Thanks.

-pk

(I cut out parts I felt were insignificant to the problem.)

---------------------------------------

name 192.168.100.161 Phil
object-group network AddressesAllowed
 description These are addresses that are allowed through the VPN firewall.
 network-object 10.40.10.118 255.255.255.255
 network-object 10.40.110.71 255.255.255.255
 network-object 10.48.10.37 255.255.255.255
 network-object 10.48.10.38 255.255.255.255
 network-object 192.168.41.31 255.255.255.255
 network-object 192.168.41.32 255.255.255.255
 network-object 10.46.0.15 255.255.255.255
 network-object 10.46.0.19 255.255.255.255
 network-object 10.40.10.117 255.255.255.255
 network-object 10.46.0.1 255.255.255.255
access-list polnat161 permit ip host Phil object-group AddressesAllowed
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 10.44.3.161 access-list polnat161 0 0
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 match address polnat161
crypto map outside_map 40 set peer 21.54.52.112
crypto map outside_map 40 set transform-set ESP-3DES-SHA
crypto map outside_map 40 set security-association lifetime seconds 21600 kilobytes 4608000
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 21.54.52.112 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption 3des
isakmp policy 40 hash sha
isakmp policy 40 group 2
isakmp policy 40 lifetime 3600

1 Reply

abinjola
Cisco Employee

Add:

access-list inside_outbound_nat0_acl permit ip host 92.168.100.161 host 10.40.10.117
access-list inside_outbound_nat0_acl permit ip host 92.168.100.161 host 10.40.10.118
access-list inside_outbound_nat0_acl permit ip host 92.168.100.161 host 10.40.10.31
access-list inside_outbound_nat0_acl permit ip host 92.168.100.161 host 10.40.10.37
access-list inside_outbound_nat0_acl permit ip host 92.168.100.161 host 10.40.10.38

Now ping. Let me know what happens.
