I am working on setting up a VPN connection point-to-point.
The encryption is working.

crypto isakmp policy 100
crypto isakmp key gemplus address 10.3.162.2
crypto ipsec transform-set g_tran ah-sha-hmac esp-3des
crypto map g_map 10 ipsec-isakmp
 set peer 10.3.162.2
 set transform-set g_tran
 match address 151

ip address 10.3.162.1 255.255.255.252
ip access-group 120 in
no cdp enable
crypto map g_map

ip route 184.108.40.206 255.255.255.255 10.3.162.2

The access-lists I have defined are:

access-list 120 permit ahp any any
access-list 120 permit esp any any
access-list 120 permit udp any eq isakmp any eq isakmp
access-list 151 permit ip host 10.30.49.5 host 220.127.116.11

The config is the same in reverse at the other router end.
When I ping from 10.30.49.5 to 18.104.22.168 I get no reply. I have defined the encryption access to the interface and the crypto map to the access-list to define what is being encrypted.
I can only get it working when I define on the interface non-encrypted IP traffic between 10.30.49.5 and 22.214.171.124.
Note: Config modified for security reasons, so please ignore spelling mistakes.
Thanks in advance.