cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
332
Views
0
Helpful
4
Replies

Problems with cisco 827h

edgar-quintana
Level 1
Level 1

Hi, I?ve a 827h using c820-k9osy6-mz.123-8.T11.bin IOS version.

I try to configure a vpn with ipsec 3des pre-share key.

In my site is the 827h, in the other site a 1721.

Using SDM with the 1721, the software says that the vpn tunnel is up...but I can not ping machines.

My configuration (827H) is here added...

4 Replies 4

spremkumar
Level 9
Level 9

Hi

Two things which i wanted to point out here is the definition of interesting traffic and NATting the whole traffic going out.

You shouldnt nat the traffic pointed towards your remote vpn location(remote LAN) also the interesting traffic for encryption do configure the acl matching the lan to lan traffic.

for more info do refer this link..

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ef.shtml

regds

Hello,

with the current configuration, all your traffic is translated to the address of the ATM 0.1 interface. You already have access list 100 defined, but I think you are missing a few lines. Try and add the following:

ip Nat inside source route-map nonat interface ATM0.1 overload

access-list 100 deny ip 192.168.155.0 0.0.0.255 192.168.156.0 0.0.0.255

access-list 100 permit ip 192.168.155.0 0.0.0.255 any

!

route-map nonat permit 10

match ip address 100

Can you try this and check if it makes a difference ?

Regards,

GNT

Hi,

Thank you very much for reading and quickly response...

Today I can not try your new configuration, but this week I?ll try and I?ll answer you if there is any change ok?

Best regards!!!!!

Hi,

I?ve added a new vpn connection and insert your recomendation but noting... still getting the same error.

This is my configuration file:

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: