Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

VPN created, but cannot ping

we use two CISCO router 1841 to link two LAN,

the LAN1 router ,

inside ip 192.168.100.100

outside ip 10.3.13.100, gateway 10.3.13.254

the LAN2 router

inside ip 192.168.1.60

outside ip 10.3.38.100, gateway 10.3.38.1

now we create the VPN as the document.

use debug crypto isakmp, IKE phase 2 is ok.

use show crypto session, VPN is active.

use show crypto engine connections active. only have encrypt packet,donot have decrypt data.

Now the problem is external host cannot ping each other.

It is very strange, can anyone help?

4 REPLIES
Community Member

Re: VPN created, but cannot ping

LAN1 router config

crypto isakmp policy 50

hash md5

authentication pre-share

crypto isakmp key XXXX address 10.3.38.100

!

!

crypto ipsec transform-set myset esp-des esp-md5-hmac

!

crypto map mymap 1 ipsec-isakmp

set peer 10.3.38.100

set transform-set myset

match address 106

!

!

interface FastEthernet0/0

ip address 192.168.100.100 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.3.13.100 255.255.255.0

no ip route-cache

no ip mroute-cache

duplex auto

speed auto

!

!

ip route 10.3.38.0 255.255.255.0 10.3.13.254

ip route 192.168.1.0 255.255.255.0 10.3.38.100

!

access-list 106 permit ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255

Community Member

Re: VPN created, but cannot ping

LAN2 router config

crypto isakmp policy 50

hash md5

authentication pre-share

crypto isakmp key XXXX address 10.3.13.100

!

!

crypto ipsec transform-set myset esp-des esp-md5-hmac

!

crypto map mymap 1 ipsec-isakmp

set peer 10.3.13.100

set transform-set myset

match address 106

!

!

interface FastEthernet0/0

ip address 192.168.1.60 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.3.38.100 255.255.255.0

no ip route-cache

no ip mroute-cache

duplex auto

speed auto

!

!

ip route 10.3.13.0 255.255.255.0 10.3.38.1

ip route 192.168.100.0 255.255.255.0 10.3.13.100

!

access-list 106 permit ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255

Re: VPN created, but cannot ping

Can you reconfigure the static route(s) as follows and test.

Router 1:

ip route 192.168.1.0 255.255.255.0 10.3.13.254

Router 2:

ip route 192.168.100.0 255.255.255.0 10.3.38.1

Moreover, why is the crypto map not applied to the outside interface?

HTH

Sundar

Community Member

Re: VPN created, but cannot ping

Ok,

we need goto site to do the test tommorrow.

outside interface have crypto map.

thanks

147
Views
0
Helpful
4
Replies
CreatePlease to create content