Site-to-Site and VPN Server on Cisco 881 - 1 WAN

Feb 2nd, 2010

I have a VPN Server set up on an 881 which works wonderfully. The client is now asking to have a Site-to-Site added to the 881. When I add this, the site-to-site comes up but the VPN server stops responding to VPN Client requests. Config below...


aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login ciscocp_vpn_xauth_ml_1 local

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ******* address 24.x.x.x
!
crypto isakmp client configuration group CLIENT
 key **********
 dns X.x.x.x x.x.x.x
 pool SDM_POOL_1
 max-users 8
crypto isakmp profile ciscocp-ike-profile-1
   match identity group CLIENT
   client authentication list ciscocp_vpn_xauth_ml_1
   isakmp authorization list ciscocp_vpn_group_ml_1
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set CLIENT esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-md5-hmac
!
crypto ipsec profile CiscoCP_Profile1
 set security-association idle-time 1200
 set transform-set CLIENT
 set isakmp-profile ciscocp-ike-profile-1
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to24.x.x.x
 set peer 24.x.x.x
 set transform-set ESP-3DES-SHA
 match address 101

interface FastEthernet4
 description $ES_WAN$
 ip address x.x.x.x
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map SDM_CMAP_1


ip local pool SDM_POOL_1 192.0.100.90 192.0.100.98
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x

ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000


access-list 100 remark CCP_ACL Category=2
access-list 100 remark IPSec Rule
access-list 100 deny   ip 192.168.168.0 0.0.0.255 192.0.100.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 100 deny   ip 192.0.100.0 0.0.0.255 192.168.168.0 0.0.0.255
access-list 100 deny   ip any host 192.0.100.90
access-list 100 deny   ip any host 192.0.100.91
access-list 100 deny   ip any host 192.0.100.92
access-list 100 deny   ip any host 192.0.100.93
access-list 100 deny   ip any host 192.0.100.94
access-list 100 deny   ip any host 192.0.100.95
access-list 100 deny   ip any host 192.0.100.96
access-list 100 deny   ip any host 192.0.100.97
access-list 100 deny   ip any host 192.0.100.98


access-list 101 remark CCP_ACL Category=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.0.100.0 0.0.0.255 192.168.168.0 0.0.0.255



route-map SDM_RMAP_1 permit 1
 match ip address 100
