07-07-2002 06:34 PM - edited 02-21-2020 11:54 AM
I cannot find a solution for this problem: the IPSEC tunnel is working,
I can ping from one end of the LAN to the other, but I cannot start telnet
sessions or terminal server sessions or make a connection with a
server.
I am using two Cisco 826 and IOS 12.1.
07-07-2002 09:36 PM
Please check the access-list applied on both routers' outside interfaces.
When the traffic is decrypted, it is checked against the access-list again. If you have not permitted telnet or IP traffic from the remote inside network to the local inside network and have only allowed ICMP traffic, you can ping but cannot do anything else.
If it is still not working, please upload both routers' configs and let us have a look.
Best Regards,
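The double check described in this reply, modelled as an added example (not code from the thread): a small evaluator for IOS extended ACL lines, run first against the ESP packet and then against the decrypted inner packet. ACL number 111, its entries and the host addresses 192.168.2.10 and 10.10.11.20 are constructed; the peer, WAN and subnet addresses are taken from the configurations posted later in the thread.

```python
import ipaddress

# Constructed ACL for the outside interface (number 111 is hypothetical):
# it admits the tunnel itself plus ICMP between the inside networks.
ACL_TEXT = """\
access-list 111 permit esp host 213.84.51.14 any
access-list 111 permit udp host 213.84.51.14 any eq isakmp
access-list 111 permit icmp 192.168.2.0 0.0.0.255 10.10.11.0 0.0.0.255
"""
PORTS = {"isakmp": 500, "telnet": 23}

def _addr(tokens):
    """Consume one IOS address spec (any | host A | A WILDCARD)."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # ip_network accepts a contiguous wildcard written as a host mask.
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse(text):
    rules = []
    for line in text.splitlines():
        t = line.split()[2:]                 # drop "access-list <number>"
        if not t:
            continue
        action, proto = t.pop(0), t.pop(0)
        src, dst = _addr(t), _addr(t)
        dport = (PORTS.get(t[1]) or int(t[1])) if t[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, dport))
    return rules

def check(rules, proto, src, dst, dport=None):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_dport in rules:
        if r_proto in ("ip", proto) and s in r_src and d in r_dst \
                and r_dport in (None, dport):
            return action
    return "deny"                            # implicit deny ends every IOS ACL

def through_tunnel(rules, peer, wan, proto, src, dst, dport=None):
    """The ACL is consulted for the ESP packet, then again after decryption."""
    if check(rules, "esp", peer, wan) != "permit":
        return "deny"
    return check(rules, proto, src, dst, dport)
```

With this ACL a ping between the inside networks is permitted while a telnet session to port 23 falls to the implicit deny; appending `access-list 111 permit ip 192.168.2.0 0.0.0.255 10.10.11.0 0.0.0.255` permits both.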
07-08-2002 04:17 AM
First of all, thanks for the fast response.
Herewith the configurations; both access-lists are the same.
We think that we have a problem with the MTU but cannot adjust it.
Please check the configurations.
Thanks in advance.
Best Regards,
Patrick van Gameren
rtr-adam#sh run
Building configuration...
Current configuration:
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname rtr-adam
!
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local
enable secret cisco
enable password cisco
!
username vg password cisco
username luuk password cisco
!
!
!
!
ip subnet-zero
ip host rtr-denhaag-wan 213.84.51.14
ip host rtr-medemblik-wan 80.242.226.70
!
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name Firewall-1 tcp
ip inspect name Firewall-1 udp
ip inspect name Firewall-1 cuseeme
ip inspect name Firewall-1 ftp
ip inspect name Firewall-1 h323
ip inspect name Firewall-1 rcmd
ip inspect name Firewall-1 realaudio
ip inspect name Firewall-1 smtp
ip inspect name Firewall-1 streamworks
ip inspect name Firewall-1 vdolive
ip inspect name Firewall-1 sqlnet
ip inspect name Firewall-1 tftp
vpdn enable
no vpdn logging
!
async-bootp dns-server 194.109.6.66
!
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key EenHeleLeukeKey address 213.84.51.14
crypto isakmp key EenHeleLeukeKey address 80.242.226.70
!
!
crypto ipsec transform-set tunnel-set esp-3des esp-md5-hmac
!
crypto map telemostunnel 10 ipsec-isakmp
set peer 213.84.51.14
set transform-set tunnel-set
match address 102
crypto map telemostunnel 20 ipsec-isakmp
set peer 80.242.226.70
set transform-set tunnel-set
match address 103
!
!
!
!
interface Ethernet0
description connected to EthernetLAN-Amsterdam
ip address 10.10.11.5 255.255.255.0
ip nat inside
ip rip send version 2
ip rip receive version 2
ip inspect Firewall-1 in
no ip route-cache
no ip mroute-cache
!
interface ATM0
no ip address
ip nat outside
no ip mroute-cache
no atm ilmi-keepalive
pvc 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
bundle-enable
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp pap sent-username maison@xs4all-fast-adsl password 7 101F5F4E54393859
crypto map telemostunnel
!
router rip
version 2
network 10.0.0.0
network 192.168.3.0
!
ip nat inside source list 122 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.4.0 255.255.255.0 10.10.11.253
ip http server
!
access-list 6 permit 80.242.226.70
access-list 6 permit 212.129.148.153
access-list 6 permit 213.84.51.14
access-list 102 permit ip 10.10.11.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 permit ip 10.10.11.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 122 deny ip 10.10.11.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 122 deny ip 10.10.11.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 122 permit ip 10.10.11.0 0.0.0.255 any
dialer-list 1 protocol ip permit
route-map nonat permit 10
match ip address 122
!
banner motd ^CCC Unauthorized Access Prohibited !!!^C
!
line con 0
exec-timeout 120 0
transport input none
stopbits 1
line vty 0 4
access-class 6 in
exec-timeout 0 0
password 7 cisco
!
scheduler max-task-time 5000
end
rtr-denhaag#sh run
Building configuration...
Current configuration:
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname rtr-denhaag
!
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local
enable password cisco
!
username vg password cisco
username luuk password cisco
!
!
!
!
ip subnet-zero
ip host rtr-medemblik-wan 80.242.226.70
ip host rtr-amsterdam-wan 213.84.179.64
!
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name Firewall-1 tcp
ip inspect name Firewall-1 udp
ip inspect name Firewall-1 cuseeme
ip inspect name Firewall-1 ftp
ip inspect name Firewall-1 h323
ip inspect name Firewall-1 rcmd
ip inspect name Firewall-1 realaudio
ip inspect name Firewall-1 smtp
ip inspect name Firewall-1 streamworks
ip inspect name Firewall-1 vdolive
ip inspect name Firewall-1 sqlnet
ip inspect name Firewall-1 tftp
vpdn enable
no vpdn logging
!
async-bootp dns-server 194.134.5.5
!
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key EenHeleLeukeKey address 213.84.179.64
crypto isakmp key EenHeleLeukeKey address 80.242.226.70
!
!
crypto ipsec transform-set tunnel-set esp-3des esp-md5-hmac
!
crypto map telemostunnel 10 ipsec-isakmp
set peer 213.84.179.64
set transform-set tunnel-set
match address 102
crypto map telemostunnel 20 ipsec-isakmp
set peer 80.242.226.70
set transform-set tunnel-set
match address 103
!
!
!
!
interface Ethernet0
description connected to EthernetLAN-DenHaag
ip address 192.168.2.254 255.255.255.0
ip nat inside
ip inspect Firewall-1 in
ip route-cache policy
!
interface ATM0
no ip address
ip nat outside
no ip mroute-cache
no atm ilmi-keepalive
pvc 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
bundle-enable
!
interface Dialer0
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp pap sent-username mdbdh@xs4all-fast-adsl password 7 124B5046410A0756
crypto map telemostunnel
!
router rip
version 2
passive-interface Dialer0
network 192.168.2.0
!
ip nat inside source list 122 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.10.11.0 255.255.255.0 213.84.179.64
ip route 192.168.3.0 255.255.255.0 80.242.226.70
ip http server
!
access-list 6 permit 80.242.226.70
access-list 6 permit 212.129.148.153
access-list 6 permit 213.84.179.64
access-list 102 permit ip 192.168.2.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 122 deny ip 192.168.2.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 122 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 122 permit ip 192.168.2.0 0.0.0.255 any
dialer-list 1 protocol ip permit
route-map nonat permit 10
match ip address 122
!
banner motd ^CCCC Unauthorized Access Prohibited !!!^C
!
line con 0
exec-timeout 120 0
transport input none
stopbits 1
line vty 0 4
access-class 6 in
password cisco
!
scheduler max-task-time 5000
end
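The MTU suspicion raised in this post can be checked with arithmetic. The following added example (not part of the original post) computes the tunnel-mode ESP overhead for the posted transform set, esp-3des esp-md5-hmac, against the posted `ip mtu 1492`; the 100-byte and 1500-byte packet sizes in the usage note are constructed samples.

```python
# ESP tunnel-mode sizes for esp-3des + esp-md5-hmac (IPv4, no NAT traversal).
OUTER_IP = 20      # new IPv4 header added by tunnel mode
ESP_HDR = 8        # SPI + sequence number
IV_3DES = 8        # 3DES-CBC initialisation vector, one cipher block
BLOCK = 8          # 3DES block size; the payload is padded to a multiple of it
ESP_TRAILER = 2    # pad-length and next-header bytes, encrypted with the payload
ICV_MD5_96 = 12    # HMAC-MD5-96 authentication data

FIXED = OUTER_IP + ESP_HDR + IV_3DES + ICV_MD5_96


def esp_packet_size(inner_len):
    """Bytes on the wire for one inner IP packet of inner_len bytes."""
    padded = -(-(inner_len + ESP_TRAILER) // BLOCK) * BLOCK   # round up
    return FIXED + padded


def max_inner_packet(link_mtu):
    """Largest inner IP packet that is encapsulated without fragmentation."""
    return (link_mtu - FIXED) // BLOCK * BLOCK - ESP_TRAILER


def max_tcp_mss(link_mtu):
    """TCP MSS that keeps full segments within the tunnel (no IP/TCP options)."""
    return max_inner_packet(link_mtu) - 40


def fits(inner_len, link_mtu):
    return esp_packet_size(inner_len) <= link_mtu
```

On a 1492-byte link, `fits(100, 1492)` is true while `fits(1500, 1492)` is false: a small ping passes unfragmented, and a full-size packet from the LAN has to be fragmented or dropped. `max_tcp_mss(1492)` returns 1398.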
07-13-2002 06:11 AM
Does anyone have a sample configuration for two Cisco 826 routers
building an IPSEC tunnel?
07-24-2002 03:52 AM
Problem solved.
Changed IOS to version 12.2.