Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Site-to-site vpn not working? (see attachments)

This is a rather complicated question...

Following situation: I have to establish a vpn-network between 5 routers, as seen in the attachment vpn.jpg. Currently, only the yellow routers are installed, with configs as seen in the attached files run_10.txt (the bottom-left) and run_14.txt (the mid-right router from vpn.jpg) and I try to get the vpn working across the yellowed lines. My home is at the bottom left, and from there I try to contact the pc When I telnet into the right yellow router I can ping all direct attached IPs: .66-.41-.42, but not .65, which is on my side. From my router, I can only ping .65, nothing else.

I ave eigrp running, and a "show ip route" on my bottom-left router shows two lines starting with D, the .40 and the .86 network. So the routing protocol is working, and the tunnel must be up.

But I can't get any normal data across... :-(

Some other remarks:

* this is the first tunnel, I want to implement 7 alltogether. So I have to use a routing protocol.

* The two left routers are 871w, the three right routers 871.

* in all locations on the right, there is a computer which accesses the internet through NAT with an IP of 192.168.0.x. So I have a slit tunnel situation...

* I have no tunnel security running yet, that will be my next issue...

If anyone can help me, please do!

Thanks in advance!


New Member

Re: Site-to-site vpn not working? (see attachments)

No answer yet?

New Member

Re: Site-to-site vpn not working? (see attachments)

I tried to solve my problem, but didn't get much further yet.

But: I picked up something about NAT and split-tunneling, which does make sense to me...

Can someone help me with the problem described above, maybe with a solution with split-tunneling? The routers mentioned should only send the 10.x.y.z traffic through the tunnels, all other traffic should go directly into the internet. Of course, with NAT enabled as in the given configs...

Thanx in advance!