Cisco Support Community
Community Member

Site to Site VPN

Hello,

I have spent days on this and I am at a loss; I cannot get this tunnel up.

Two 837 Routers at remote sites, customer wants VPN between sites.

I followed the tutorials, I turn on the debugs and ping from each site, yet I see absolutely nothing happening on either.

crypto isakmp key 0 MYKEY address XXX.248.2.94 no-xauth

crypto map SDM_CMAP_1 4 ipsec-isakmp
 set peer XXX.248.2.94
 set transform-set SDM_TRANSFORMSET_1
 match address 104

access-list 104 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 106 deny ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255

SDM_CMAP_1 assigned to dialer

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2

Both sides are a mirror, yet I cannot see any activity at all. I can ping each router's outside.

I appreciate any help, thanks.

2 REPLIES
Hall of Fame Super Blue

Re: Site to Site VPN

Hi

It would help if you could post full configs in case NAT is an issue, but the first thing to note is: what is access-list 106?

Each side should mirror each other generally, but your access-lists that define interesting traffic need to be flipped, i.e.

on router1

access-list 104 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255

on router 2

access-list 106 permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255

However, I can't tell whether this is an issue as you have only posted partial configs. Could you post full configs please?

Jon
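
The check described in the reply above (the interesting-traffic ACLs on the two peers must be source/destination-swapped copies) together with the NAT-exemption ordering the thread points to, as an added example that is not code from the thread or from Cisco. ACL 110 as the NAT ACL and the sample configs are constructed for illustration; only plain `ip` entries are parsed.

```python
import ipaddress
import re

ACL_RE = re.compile(
    r"^access-list (\d+) (permit|deny) ip (\S+) (\S+) (\S+) (\S+)$")

def net(addr, wildcard):
    """IOS address + wildcard -> ip_network (a wildcard is an inverted netmask)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_acl(config, number):
    """Return [(action, src, dst)], in order, for one numbered extended ACL."""
    entries = []
    for line in config.splitlines():
        line = " ".join(line.split())
        # Expand the 'any' and 'host A.B.C.D' shorthands to address/wildcard.
        line = re.sub(r"\bany\b", "0.0.0.0 255.255.255.255", line)
        line = re.sub(r"\bhost (\S+)", r"\1 0.0.0.0", line)
        m = ACL_RE.match(line)
        if m and int(m.group(1)) == number:
            _, action, src, sw, dst, dw = m.groups()
            entries.append((action, net(src, sw), net(dst, dw)))
    return entries

def unmirrored(local, remote):
    """Crypto ACL entries, from either peer, with no src/dst-swapped twin."""
    swap = lambda e: (e[0], e[2], e[1])
    return ([e for e in local if swap(e) not in remote] +
            [e for e in remote if swap(e) not in local])

def nat_exempt(crypto, nat):
    """True if no protected flow can reach a 'permit' in the NAT ACL."""
    # First match wins: the first overlapping NAT entry must be a covering deny.
    for action, src, dst in crypto:
        if action != "permit":
            continue
        for n_action, n_src, n_dst in nat:
            if src.overlaps(n_src) and dst.overlaps(n_dst):
                covered = src.subnet_of(n_src) and dst.subnet_of(n_dst)
                if n_action == "permit" or not covered:
                    return False
                break
    return True

# Constructed sample configs; the 192.168.x.x subnets are the thread's.
R1 = """access-list 104 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 any"""
R2 = "access-list 106 permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255"
```

A non-empty result from `unmirrored` or a `False` from `nat_exempt` is consistent with the symptom in the original post: pings between the LANs never match the crypto map, so no ISAKMP debug output appears.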

Community Member

Re: Site to Site VPN

Hello, Your suggestion saying it was NAT or ACL pointed me in the right direction. I reworked them and followed a Cisco Doc.

Cisco Document ID: 14144

It did the trick, but, I still do not understand why all the other tunnels work fine on the router and just this one has NAT issues...

Thanks for the help.
