L2L VPN problem between 2 routers

moahmed1981 · ‎12-15-2008

Hi

please find the attached file for the routers configuration.

i need to make a vpn tunnel through the internet between 2 routers (R1&R2) in two different sites.

For R1 site

============

- LAN Network : 192.168.1.0 /24

- users can access the internet properly.

- The Router is configured by ISP engineers to build the internet connection

For R2 site

============

- LAN Network : 192.168.2.0 /24

-The Router is configured by ISP engineers to build the internet connection.

- users can access the internet properly.

After that when i tried to configure the 2 routers for the vpn , i found that the vpn cannot established.

Troubleshooting

================

- i cannot ping any server from site1 to site2

- the output of " sh crypto isakmp sa " on R1 & R2 is :

R1#sh crypto isakmp sa

dst src state conn-id slot status

please i need your help.

waiting your replies.

regards

Marwan ALshawi · ‎12-15-2008

hi

u have a common mistake

u need to exmpt the vpn traffic from get nated

do the following on router 1

and the same on the opesit way on router2

no access-list 1 permit 192.168.1.0 0.0.0.255

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0.0

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

then make ur nating as following

no ip nat inside source list 1 pool net overload

ip nat inside source list 101 pool net overload

on router 2 do the same idea but ur ACL shoult looks like

from 192.168.2.0 to 192.168.1.0 to be denoed from get nated as above

after u do that clear nating table or save ur config and reload the router

good luck

hope this helps