Newbie - Site to Site VPN - What am I missing?

joekennedy62 · ‎01-25-2007

I have created a site to site VPN between two 851 routers. First subnet is 10.10.11.0 and the second is 10.10.10.0. What do I need to do to be able to make the two networks look as one?

Jon Marshall · ‎01-25-2007

Hi Joe

Site to site VPN's are used to allow subnets at different sites communicate with each other. They don't make the network look as one as such.

What is the exact problem. Can you not communicate between the two networks. If this is the case could you send copies of the configs of your 851 routers. Be sure to remove any sensitive info such as keys, public IP addresses etc.

Jon

joekennedy62 · ‎01-26-2007

This is for a school that has two buildings (too far apart to run cable). I can ping the router from either side. However, the teachers in one building need to connect to a computer in the other building to load student attendance. Using windows they connect to a shared folder and run an application.

I can ping the router from either side - just can't connect to the shared drive on the computer.

I'll post router config after I get it (probably over the weekend).

Thanks.

r.docuyanan · ‎02-01-2007

Hi Joe,

Before you post the config, make sure that you have an access-list that prevents the Natting of Source traffic from one building to another building.

You need to excempt this traffic in order for LAN to LAN communication to work. Though you can ping the router interface.

Btw you need to do this vice-versa

see if the nat excemptions work. Don't use the same access-list you use to create for your VPN Tunnel, use a new one for the nat excemptions