Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Site to Site VPN


I have spent days on this and I am at a loss, I cannot get this tunnel up.

Two 837 Routers at remote sites, customer wants VPN between sites.

I followed the tutorials, i turn on the debugs and ping from each site, yet i see absolutely nothing happening on either.

crypto isakmp key 0 MYKEY address XXX.248.2.94 no-xauth

crypto map SDM_CMAP_1 4 ipsec-isakmp

set peer XXX.248.2.94

set transform-set SDM_TRANSFORMSET_1

match address 104

access-list 104 permit ip

access-list 106 deny ip

SDM_CMAP_1 assigned to dialer

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

Both sides are a mirror, yet i cannot see any activity at all. I can ping each routers outside.

I appreciate any help, thanks

Hall of Fame Super Blue

Re: Site to Site VPN


It would help if you could post full configs in case NAT is an issue but the first thing to note is what is access-list 106 ?.

Each side should mirror each other generally but your access-lists that define interesting traffic need to be flipped ie.

on router1

access-list 104 permit ip

on router 2

access-list 106 permit ip

However i can't tell whether this is an issue as you have only posted partial configs. Could you post full configs please.


Community Member

Re: Site to Site VPN

Hello, Your suggestion saying it was NAT or ACL pointed me in the right direction. I reworked them and followed a Cisco Doc.

Cisco Document ID: 14144

It did the trick, but, I still do not understand why all the other tunnels work fine on the router and just this one has NAT issues...

Thanks for the help.

CreatePlease to create content