We have a Cisco 1841Hsec installed in our main office and 2 IPsec site-to-site tunnels configured to branch offices, and they are working OK, but I discovered that from main to branch it's working fine both ways but from branch to branch there is no traffic, and when there is traffic, traffic to the main office stops. What made it even worse: when remote users using the Cisco VPN client connect, they should be able to access the branch offices, but this fails too.
Thanks for your help. I went through it, comparing it to my configuration (I am a newbie with Cisco, so I used SDM to write the configuration), and I found no difference in the IPsec configuration compared to the example, so I wonder if it's possible for you to have a look; you might spot the problem I am missing. If that's not possible, point me to an SDM version of the above; if neither, then at least how to troubleshoot, as ping is lost and tracert gets to a dead end on the c1841 LAN port.
Thanks for your help. I did try this before, but maybe I didn't do it correctly. I will try again, but I would appreciate it if there is a guide to the steps to do (disabling NAT and re-enabling it again).
As for the results of the sh crypto commands, they are attached.
Dear sir, thanks again for your reply. I checked my ACLs with your feedback. I have the following ACLs: 1, 100 (set on LAN port by firewall), 101 (on WAN port by firewall), 102 (NAT for Burg site), Alex (NAT for main site), Cairo (for Cairo IPsec tunnel, matches above Cairo ACL, but I added both ways - am I wrong?), Mercia (for Mercia IPsec tunnel; I also added both ways, same as I did in the Cairo ACL).
Here it is:
ip access-list extended Cairo
 remark Cairo IPsec Tunnel
 remark SDM_ACL Category=4
 permit ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
 remark Cairo - Burg
 permit ip 192.168.1.0 0.0.0.255 192.168.101.0 0.0.0.255
 remark Burg - Cairo
 permit ip 192.168.101.0 0.0.0.255 192.168.1.0 0.0.0.255
 remark Burg - Cairo - WAN
 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
As for Burg, it's supplied by the ISP (frame relay) and the ACL I have is permit ip any any on both sides.
Thanks again, I am waiting for your next suggestion.
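An added example, not part of the original posts: an IOS crypto ACL selects outbound traffic from the local side to the networks behind the tunnel peer, and the peer carries the mirror image, so this sketch lints the Cairo ACL posted above for entries written the other way round and prints the mirror lines the peer would need. It assumes the ACL is the one on the main-office router and that 192.168.1.0/24 is the Cairo LAN (inferred from the "Cairo - Burg" remarks); the function names are hypothetical.

```python
import ipaddress

# The Cairo crypto ACL entries exactly as posted above (remarks dropped).
CAIRO_ACL = """\
permit ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.101.0 0.0.0.255
permit ip 192.168.101.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
"""
# Assumption: 192.168.1.0/24 is the LAN behind the Cairo peer.
CAIRO_REMOTE = [ipaddress.ip_network("192.168.1.0/24")]

def parse_acl(text):
    """Return (source, destination) networks for each 'permit ip' line.
    Handles contiguous wildcard masks only (e.g. 0.0.0.255)."""
    net = lambda a, w: ipaddress.ip_network(f"{a}/{w}", strict=False)
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 6 and f[:2] == ["permit", "ip"]:
            entries.append((net(f[2], f[3]), net(f[4], f[5])))
    return entries

def lint_crypto_acl(entries, remote_nets):
    """Flag entries that do not read 'local side -> behind the peer'."""
    behind_peer = lambda n: any(n.overlaps(r) for r in remote_nets)
    findings = []
    for num, (src, dst) in enumerate(entries, 1):
        if behind_peer(src) and not behind_peer(dst):
            findings.append((num, "reversed: source is behind the peer"))
        elif not behind_peer(dst):
            findings.append((num, "destination is not behind the peer"))
        elif behind_peer(src):
            findings.append((num, "both ends are behind the peer"))
    return findings

def peer_mirror(entries, findings):
    """Lines the peer's crypto ACL needs: clean entries, src/dst swapped."""
    flagged = {num for num, _ in findings}
    fmt = lambda n: f"{n.network_address} {n.hostmask}"
    return [f"permit ip {fmt(dst)} {fmt(src)}"
            for num, (src, dst) in enumerate(entries, 1) if num not in flagged]

if __name__ == "__main__":
    acl = parse_acl(CAIRO_ACL)
    issues = lint_crypto_acl(acl, CAIRO_REMOTE)
    for num, why in issues:
        print(f"entry {num}: {why}")
    print("\n".join(peer_mirror(acl, issues)))
```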
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: