I just got a new 2921 router with ios 15.0. When configuring ipsec I'm able to get the session up and running between the routers.
I'm able to connect to the router from the "home" network using local ip addresses - but not anything behind the local interface on the remote router.
I'm connecting from the 2921 router to the 2811 router.
The configuration on the 2921 router is as follows (modified with regards to ip addresses and key):
crypto isakmp policy 10
crypto isakmp key MyKey address 18.104.22.168
crypto ipsec transform-set mets esp-aes esp-sha-hmac
crypto ipsec df-bit clear
crypto map ipsec-vpn 10 ipsec-isakmp
set peer 22.214.171.124
set transform-set mets
set pfs group2
match address 120
access-list 120 permit ip 10.191.255.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 130 permit ip 10.191.255.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 130 permit ip 10.191.255.0 0.0.0.255 any
ip address 10.191.255.1 255.255.255.0
ip access-group 130 in
ip address dhcp
crypto map ipsec-vpn
When doing a "ping" from 10.191.255.2 i get a match in the access-list 130, but not in the access-list 120.
And no result is returned from the "home" network.
I have also replaced the 2921 router with a 3845 running 12.4, and entered the same configuration. This is working as it's supposed to.
Are there any changes regarding configuration of this in ios 15.0 ?