Problem with multiple site-to-site VPNs

Oct 5th, 2009

Hi, I have 3 VPN connections, main-site1 and site2, but I don't have traffic between site1 and site2.

main site

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.168.16.2 255.255.255.252
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.160.252.16 255.255.255.0
access-list 150 extended permit ip any any
access-list 155 extended permit ip any any
global (outside) 1 interface
nat (inside) 0 access-list 150
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 192.168.16.1
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map Outside_map 20 match address 155
crypto map Outside_map 20 set peer 172.16.16.194 172.16.16.170
crypto map Outside_map 20 set transform-set ESP-AES-256-SHA
crypto map Outside_map interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
tunnel-group 172.16.16.170 type ipsec-l2l
tunnel-group 172.16.16.170 ipsec-attributes
 pre-shared-key 123
tunnel-group 172.16.16.194 type ipsec-l2l
tunnel-group 172.16.16.194 ipsec-attributes
 pre-shared-key 123

site1

interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 10.160.237.14 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 172.16.16.194 255.255.255.248
access-list 150 extended permit ip any any
access-list 155 extended permit ip any any
global (outside) 1 interface
nat (inside) 0 access-list 150
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 172.16.16.193
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 20 match address 155
crypto map outside_map 20 set peer 192.168.16.2
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
tunnel-group 192.168.16.2 type ipsec-l2l
tunnel-group 192.168.16.2 ipsec-attributes
 pre-shared-key 123

site2

interface Vlan1
 nameif inside
 security-level 100
 ip address 10.160.232.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 172.16.16.170 255.255.255.248
access-list inside_nat0_outbound extended permit ip any any
access-list outside_cryptomap_20 extended permit ip any any
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 172.16.16.169
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map Outside_map 20 match address outside_cryptomap_20
crypto map Outside_map 20 set peer 192.168.16.2
crypto map Outside_map 20 set transform-set ESP-AES-256-SHA
crypto map Outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
tunnel-group 192.168.16.2 type ipsec-l2l
tunnel-group 192.168.16.2 ipsec-attributes
 pre-shared-key 123

rchaves018 Tue, 10/06/2009 - 08:15

Thank you, I will test it.

Also, I have other problems: when the VPN fails, it takes a long time to establish the connection again; I need to reset the service provider's equipment.

Any idea?

vanessawen Tue, 10/06/2009 - 12:48

We have a similar issue... it is related to the access list configuration... it's different when you use remote access VPN or site-to-site VPN...
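
A small audit of the access list and crypto map lines posted in the question, as an added example that is not part of the original thread. The function name and finding labels are hypothetical; it flags a crypto map entry that lists more than one peer (the ASA treats those as alternate peers for one tunnel) and `permit ip any any` used as a crypto ACL or NAT-exemption ACL.

```python
import re

# Crypto-related lines copied from the "main site" config in the question.
MAIN_SITE = """\
access-list 150 extended permit ip any any
access-list 155 extended permit ip any any
nat (inside) 0 access-list 150
crypto map Outside_map 20 match address 155
crypto map Outside_map 20 set peer 172.16.16.194 172.16.16.170
crypto map Outside_map 20 set transform-set ESP-AES-256-SHA
"""

def audit(config):
    """Return sorted (where, finding) pairs for an ASA config excerpt."""
    any_any, nat0, entries = set(), [], {}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"access-list (\S+) extended permit ip any any", line):
            any_any.add(m[1])
        elif m := re.fullmatch(r"nat \(\S+\) 0 access-list (\S+)", line):
            nat0.append(m[1])
        elif m := re.fullmatch(r"crypto map (\S+) (\d+) match address (\S+)", line):
            entries.setdefault(f"{m[1]} {m[2]}", {})["acl"] = m[3]
        elif m := re.fullmatch(r"crypto map (\S+) (\d+) set peer (.+)", line):
            entries.setdefault(f"{m[1]} {m[2]}", {})["peers"] = m[3].split()
    findings = []
    for where, entry in entries.items():
        # Several peers on one sequence number are alternates for one
        # tunnel, not one tunnel per peer.
        if len(entry.get("peers", [])) > 1:
            findings.append((where, "multiple-peers"))
        # An any/any crypto ACL selects all traffic for this single entry.
        if entry.get("acl") in any_any:
            findings.append((where, "any-any-crypto-acl"))
    # An any/any NAT exemption bypasses NAT for all inside traffic.
    findings += [(f"nat 0 {acl}", "any-any-nat-exemption")
                 for acl in nat0 if acl in any_any]
    return sorted(findings)

if __name__ == "__main__":
    for where, finding in audit(MAIN_SITE):
        print(f"{where}: {finding}")
```
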
