10-05-2009 07:52 PM
Hi, I have 3 VPN connections, main-site1 and site2, but I don't have traffic between site1 and site2.
main site
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.168.16.2 255.255.255.252
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.160.252.16 255.255.255.0
access-list 150 extended permit ip any any
access-list 155 extended permit ip any any
global (outside) 1 interface
nat (inside) 0 access-list 150
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 192.168.16.1
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map Outside_map 20 match address 155
crypto map Outside_map 20 set peer 172.16.16.194 172.16.16.170
crypto map Outside_map 20 set transform-set ESP-AES-256-SHA
crypto map Outside_map interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
tunnel-group 172.16.16.170 type ipsec-l2l
tunnel-group 172.16.16.170 ipsec-attributes
 pre-shared-key 123
tunnel-group 172.16.16.194 type ipsec-l2l
tunnel-group 172.16.16.194 ipsec-attributes
 pre-shared-key 123
site1
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 10.160.237.14 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 172.16.16.194 255.255.255.248
access-list 150 extended permit ip any any
access-list 155 extended permit ip any any
global (outside) 1 interface
nat (inside) 0 access-list 150
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 172.16.16.193
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 20 match address 155
crypto map outside_map 20 set peer 192.168.16.2
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
tunnel-group 192.168.16.2 type ipsec-l2l
tunnel-group 192.168.16.2 ipsec-attributes
 pre-shared-key 123
site2
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.160.232.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 172.16.16.170 255.255.255.248
access-list inside_nat0_outbound extended permit ip any any
access-list outside_cryptomap_20 extended permit ip any any
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 172.16.16.169
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map Outside_map 20 match address outside_cryptomap_20
crypto map Outside_map 20 set peer 192.168.16.2
crypto map Outside_map 20 set transform-set ESP-AES-256-SHA
crypto map Outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
tunnel-group 192.168.16.2 type ipsec-l2l
tunnel-group 192.168.16.2 ipsec-attributes
 pre-shared-key 123
10-05-2009 10:54 PM
check the below link...
hth
MS
10-06-2009 08:15 AM
Thank you, I will test it
Also, I have other problems when the VPN fails:
it takes a long time to establish the connection again, and I need to reset the service provider's equipment.
Any idea?
10-06-2009 12:48 PM
We have a similar issue... it's related to the access list configuration... it's different when you use remote access VPN or site-to-site VPN...