LAN2LAN VPN problem

Unanswered Question
Mar 4th, 2009

Hi all

I am configuring a LAN 2 LAN VPN between 2 routers.

But on my side of the connection, I have an unusual design: the interesting traffic from my side for the VPN is in the same IP range that is being used on the router's outside interface.

Assume that the REAL IP on the router is x.x.x.1; the interesting traffic has source addresses x.x.x.1, x.x.x.2, x.x.x.3, ...

On the other side (which I don't have access to), it does have the normal, usual setup.


The config on my router is:


!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key [email protected] address z.z.z.233
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set encryption esp-3des esp-md5-hmac
!
crypto map intelligit 10 ipsec-isakmp
 set peer z.z.z.233
 set transform-set encryption
 match address 120
!
!
!
interface FastEthernet0/0
 description Connected to internet
 ip address x.x.x.42 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map intelligit
!
interface FastEthernet0/1
 description Connected to LAN-SWITCH
 ip address 192.168.0.220 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 x.x.x.41
!
ip http server
no ip http secure-server
ip nat translation timeout 5
ip nat pool ogero x.x.x.43 x.x.x.43 netmask 255.255.255.248
ip nat inside source list 100 pool ogero overload
!
logging history warnings
access-list 100 permit ip 192.168.0.0 0.0.0.255 any

access-list 120 permit ip host x.x.x.42 host v.v.v.66
access-list 120 permit ip host x.x.x.43 host v.v.v.66
access-list 120 permit ip host x.x.x.44 host v.v.v.66


Phase 1 is still not coming up; "debug crypto isakmp" shows the info in the attached file.
