L2L VPN problem between 2 routers

Unanswered Question
Dec 15th, 2008

Hi,

Please find the attached file for the routers' configuration.

I need to make a VPN tunnel through the internet between 2 routers (R1 & R2) in two different sites.

For R1 site

============

- LAN Network : 192.168.1.0 /24

- users can access the internet properly.

- The Router is configured by ISP engineers to build the internet connection

For R2 site

============

- LAN Network : 192.168.2.0 /24

- The Router is configured by ISP engineers to build the internet connection.

- users can access the internet properly.

After that, when I tried to configure the 2 routers for the VPN, I found that the VPN cannot be established.

Troubleshooting

================

- I cannot ping any server from site1 to site2

- the output of "sh crypto isakmp sa" on R1 & R2 is:

R1#sh crypto isakmp sa

dst src state conn-id slot status

Please, I need your help.

Waiting for your replies.

Regards

Marwan ALshawi Mon, 12/15/2008 - 15:35

Hi,

You have a common mistake.

You need to exempt the VPN traffic from being NATed.

Do the following on router 1,

and the same in the opposite direction on router 2:

no access-list 1 permit 192.168.1.0 0.0.0.255

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

Then make your NAT as follows:

no ip nat inside source list 1 pool net overload

ip nat inside source list 101 pool net overload

On router 2 do the same idea, but your ACL should look like

from 192.168.2.0 to 192.168.1.0, to be denied from being NATed as above.

After you do that, clear the NAT table or save your config and reload the router.

good luck

hope this helps
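
The NAT exemption described in the answer above can be checked offline before touching the routers. This is an added example, not code from the thread: it does a first-match evaluation of the ACL bound to `ip nat inside source list` against a sample flow. The config strings are constructed from the lines quoted in the answer, the function names are hypothetical, and only numbered ACLs 1-99 (standard) and 100-199 (extended) are assumed.

```python
import ipaddress
import re

def _match(addr, base, wildcard):
    # IOS wildcard mask: bits set to 1 are "don't care".
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def _take(tokens):
    # Consume one address spec: "any", "host A", "A WILDCARD" or a bare "A".
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    if len(tokens) == 1:
        return (tokens[0], "0.0.0.0"), []
    return (tokens[0], tokens[1]), tokens[2:]

def acl_permits(config, acl, src, dst):
    # First matching entry wins; an ACL ends with an implicit deny.
    for line in config.splitlines():
        t = line.split()
        if t[:2] != ["access-list", acl]:
            continue
        action, rest = t[2], t[3:]
        if int(acl) >= 100:              # extended: protocol, source, destination
            s, rest = _take(rest[1:])
            d, _ = _take(rest)
            hit = _match(src, *s) and _match(dst, *d)
        else:                            # standard: source only
            s, _ = _take(rest)
            hit = _match(src, *s)
        if hit:
            return action == "permit"
    return False

def vpn_traffic_is_natted(config, src, dst):
    # True if the ACL bound to "ip nat inside source list" permits this flow.
    m = re.search(r"^ip nat inside source list (\d+) ", config, re.M)
    return bool(m) and acl_permits(config, m.group(1), src, dst)

# Constructed from the lines quoted in the answer (R1 side only).
BEFORE = """access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 pool net overload
"""
AFTER = """access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 101 pool net overload
"""
print(vpn_traffic_is_natted(BEFORE, "192.168.1.10", "192.168.2.10"), vpn_traffic_is_natted(AFTER, "192.168.1.10", "192.168.2.10"))
```

A `True` for the LAN-to-LAN flow means the packet is translated before the crypto map is consulted, so it no longer matches the VPN's interesting-traffic ACL and no ISAKMP SA is ever triggered.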
