L2L VPN problem between 2 routers

Dec 15th, 2008

Hi


Please find the attached file for the routers' configuration.


I need to make a VPN tunnel through the internet between 2 routers (R1 & R2) in two different sites.


For R1 site

============

- LAN Network: 192.168.1.0/24

- Users can access the internet properly.

- The router is configured by ISP engineers to build the internet connection.


For R2 site

============

- LAN Network: 192.168.2.0/24

- The router is configured by ISP engineers to build the internet connection.

- Users can access the internet properly.


After that, when I tried to configure the 2 routers for the VPN, I found that the VPN cannot be established.


Troubleshooting

================

- I cannot ping any server from site1 to site2.

- The output of "sh crypto isakmp sa" on R1 & R2 is:


R1#sh crypto isakmp sa

dst src state conn-id slot status



Please, I need your help.

Waiting for your replies.


Regards




Marwan ALshawi Mon, 12/15/2008 - 15:35

Hi

You have a common mistake.

You need to exempt the VPN traffic from getting NATed.

Do the following on router 1

and the same in the opposite way on router 2:


no access-list 1 permit 192.168.1.0 0.0.0.255


access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 permit ip 192.168.1.0 0.0.0.255 any


Then make your NATing as follows:


no ip nat inside source list 1 pool net overload

ip nat inside source list 101 pool net overload



On router 2, do the same idea, but your ACL should look like:


from 192.168.2.0 to 192.168.1.0 to be denied from getting NATed, as above.


After you do that, clear the NAT table or save your config and reload the router.


Good luck


Hope this helps
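
The NAT exemption described in the reply above can be checked offline against a saved configuration. This is an added example, not part of the original thread: it evaluates the ACL referenced by `ip nat inside source list` in first-match order and reports whether site-to-site traffic would still be translated. The function names and sample configs are constructed for illustration, and it assumes numbered ACLs with contiguous wildcard masks.

```python
import ipaddress
import re

ANY = ipaddress.ip_network("0.0.0.0/0")

def _net(addr, wildcard):
    # IOS wildcard masks are inverted netmasks (contiguous masks assumed).
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_acl(config, acl_id):
    """Return [(action, src_net, dst_net)] for a numbered ACL, in config order."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", acl_id]:
            continue                   # also skips "no access-list ..." lines
        action, rest = tok[2], tok[3:]
        if rest[0] == "ip":            # extended ACL entry: skip protocol keyword
            rest = rest[1:]
        specs = []
        while rest:
            if rest[0] == "any":
                specs.append(ANY)
                rest = rest[1:]
            else:
                specs.append(_net(rest[0], rest[1]))
                rest = rest[2:]
        # A standard ACL has a source only, so it matches every destination.
        entries.append((action, specs[0], specs[1] if len(specs) > 1 else ANY))
    return entries

def is_natted(config, src, dst):
    """True if traffic src -> dst is selected for translation (first match wins)."""
    m = re.search(r"^\s*ip nat inside source list (\S+)", config, re.M)
    if not m:
        return False
    for action, acl_src, acl_dst in parse_acl(config, m.group(1)):
        if src.subnet_of(acl_src) and dst.subnet_of(acl_dst):
            return action == "permit"
    return False                       # implicit deny: not translated

# Constructed sample configs, built from the lines in the reply above.
BEFORE = """access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 pool net overload"""
AFTER = """access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 101 pool net overload"""
LAN1 = ipaddress.ip_network("192.168.1.0/24")
LAN2 = ipaddress.ip_network("192.168.2.0/24")

if __name__ == "__main__":
    print("before:", is_natted(BEFORE, LAN1, LAN2), "after:", is_natted(AFTER, LAN1, LAN2))
```

Entry order matters: if the `permit ... any` line were placed before the `deny`, the site-to-site traffic would match the permit first and be translated again.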
