VPN - HELP PLEASE ;(

Unanswered Question
Sep 30th, 2008

I have a PIX 515E which works VPN-wise to a remote site - we are replacing the Linksys unit with a Cisco 871W. However, I am having problems getting it to route. I believe I have the VPN connected; however, now connectivity....

ip inspect name Protection tcp
ip inspect name Protection udp
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key werewwerewrwerw address gateway address 197.x.x.54
!
!
crypto ipsec transform-set Support esp-3des esp-md5-hmac
!
crypto map Tunnel-Home 1 ipsec-isakmp
 description Remote Support Tunnel
 set peer 197.175.175.54
 set transform-set Support
 match address 100
!
!
bridge irb
!
interface FastEthernet4
 ip address 197.175.175.10 255.255.255.0
 ip inspect Protection in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map Tunnel-Home
!
interface Vlan1
 description iDNA Exhibition
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.113.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 197.175.175.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map Outbound interface FastEthernet4 overload
!
access-list 1 permit 192.168.113.0 0.0.0.255
access-list 1 permit 197.175.175.0 0.0.0.255
access-list 100 permit ip 192.168.113.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.113.0 0.0.0.255 any
no cdp run
!
!
route-map Outbound permit 1
 match ip address 101
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^C
----------------------------------------------------------------------------
THIS TERMINAL IS ONLY FOR AUTHORISED ACCESS

IF YOU DO NOT HAVE AUTHORITY OR PERMISSION PLEASE DISCONNECT NOW!
----------------------------------------------------------------------------^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 password *****
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end

Thanks

Ed

Marwan ALshawi Tue, 09/30/2008 - 08:39

You have a problem with return traffic getting NATed. Do the following:

Change the NAT ACL:

access-list 102 deny ip 192.168.113.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip 192.168.113.0 0.0.0.255 any

route-map Outbound2 permit 1
 match ip address 102

First remove the old NATing; do:

no ip nat inside source route-map Outbound interface FastEthernet4 overload

Now create the new one with the new ACL and route-map:

ip nat inside source route-map Outbound2 interface FastEthernet4 overload

And make sure on the PIX you have the same idea, but on the PIX the NAT exemption will be through NAT 0 that includes the return path.

If your inside interface on the PIX is named inside, you may have something like this on the PIX:

nat (inside) 0 access-list 103

access-list 103 permit ip 192.168.1.0 255.255.255.0 192.168.113.0 255.255.255.0

Good luck.

If helpful, rate.
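Why the deny entry matters, as an added illustration (not part of the thread): on IOS an inside-to-outside packet is NATed before the crypto map is evaluated, so if ACL 101 translates VPN-bound traffic to the FastEthernet4 address it no longer matches crypto ACL 100 and leaves the router in the clear. The small model below assumes that order of operations and converts the thread's wildcard masks to prefix lengths; the ACL tables and sample hosts are constructed from the configs above.

```python
import ipaddress

# Constructed ACLs mirroring the thread's configuration; wildcard masks are
# written as prefix lengths. Each entry is (action, source, destination).
NAT_ACL_ORIGINAL = [  # access-list 101 from the original post
    ("permit", "192.168.113.0/24", "0.0.0.0/0"),
]
NAT_ACL_FIXED = [  # access-list 102 from the reply: VPN traffic exempted first
    ("deny", "192.168.113.0/24", "192.168.1.0/24"),
    ("permit", "192.168.113.0/24", "0.0.0.0/0"),
]
CRYPTO_ACL = [  # access-list 100, the crypto map's "match address"
    ("permit", "192.168.113.0/24", "192.168.1.0/24"),
]
OUTSIDE_IP = "197.175.175.10"  # FastEthernet4 address used by the PAT overload


def acl_match(acl, src, dst):
    """Return the action of the first matching entry, or the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"


def forward_inside_to_outside(nat_acl, src, dst):
    """Model the inside->outside path: route-map NAT runs first, then the
    crypto map is checked against the (possibly translated) packet.
    Returns (source address on the wire, whether the packet is encrypted)."""
    wire_src = src
    if acl_match(nat_acl, src, dst) == "permit":
        wire_src = OUTSIDE_IP  # PAT overload rewrites the source
    encrypted = acl_match(CRYPTO_ACL, wire_src, dst) == "permit"
    return wire_src, encrypted


if __name__ == "__main__":
    for name, acl in (("ACL 101 (original)", NAT_ACL_ORIGINAL),
                      ("ACL 102 (fixed)", NAT_ACL_FIXED)):
        # Constructed sample flows: one to the remote LAN, one to the Internet.
        for dst in ("192.168.1.20", "203.0.113.5"):
            print(name, "->", dst, forward_inside_to_outside(acl, "192.168.113.50", dst))
```

With ACL 101 the VPN-bound flow is translated and sent unencrypted; with ACL 102 it keeps its private source, matches ACL 100 and goes through the tunnel, while Internet-bound traffic is still PATed.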
