New Member

strange routing information for nonat private network connection by IPSec

We set up IPSec between two 2610 routers to connect two private networks addressed 192.168.x.0 and 192.168.y.0. NAT is not used in our system, and we use proxies for Internet access.

After the following configuration it works fine (the internal private networks can see each other). After one month, we powered off one of the routers for about 30 minutes and restarted it, and the connection failed. After 12 days it worked again without much change to the configuration.

The following is the configuration. I want to know: is there any bad influence on the Internet from the nonat private addresses? During the failure time, we found some strange routing information on the Internet.

Any help will be appreciated !

Sina@quzhj.com

crypto isakmp policy 10
 authentication pre-share
crypto isakmp key * address peer addr.
crypto ipsec transform-set * esp-des esp-md5-hmac
crypto map vpn1 10 ipsec-isakmp
 set peer "peer addr"
 set transform-set *
 match address 101
interface Ethernet0/0
 ip address internal addr.
 no ip directed-broadcast
interface Ethernet1/0
 ip address external addr.
 no ip directed-broadcast
 crypto map vpn1
!
ip classless
ip route 0.0.0.0 0.0.0.0 external route
ip route 192.168.x.0 255.255.0.0 internal route
ip route 192.168.y.0 255.255.0.0 external route
no ip http server
!
access-list 101 permit ip 192.168.x.0 0.0.255.255 192.168.y.0 0.0.0.255

2 REPLIES
New Member

Re: strange routing information for nonat private network connec

access-list 101 permit ip 192.168.x.0 0.0.255.255 192.168.y.0 0.0.0.255

YOU MAY WANT TO TAKE A LOOK AT YOUR ACCESS-LIST. THE ACCESS-LIST BELOW WILL BE MORE PRODUCTIVE:

access-list 101 permit ip 192.168.x.0 0.0.0.255 192.168.y.0 0.0.0.255

New Member

Re: strange routing information for nonat private network connec

Thank you for your advice, but it seems the access-list is not the problem. The x in the address 192.168.x.0 is not a single value; it includes many different values for different VLANs, and y in the address 192.168.y.0 is a single value. I am sorry, I made a mistake in my last post about the ip route config. It should be:

ip classless
ip route 0.0.0.0 0.0.0.0 external route
ip route 192.168.x.0 255.255.0.0 internal route
ip route 192.168.y.0 255.255.255.0 external route
no ip http server
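
An added example, not part of the thread and not written by any participant: it expands the wildcard and subnet masks from the posts above to show what access-list 101 and the static routes actually cover, before and after the changes discussed. The octets X=10 and Y=20 are constructed stand-ins for the redacted x and y, and "internal"/"external" are the thread's own next-hop placeholders.

```python
import ipaddress
from collections import defaultdict

X, Y = 10, 20  # constructed stand-ins for the redacted x and y octets

def from_wildcard(addr, wildcard):
    """ACL 'address wildcard' pair -> network (contiguous wildcard assumed)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def from_netmask(addr, netmask):
    """'ip route prefix mask' pair -> network with host bits cleared."""
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)

def colliding(routes):
    """Prefixes that appear with more than one next hop."""
    hops = defaultdict(set)
    for net, hop in routes:
        hops[net].add(hop)
    return {net for net, h in hops.items() if len(h) > 1}

def lookup(routes, ip):
    """Longest-prefix match over (network, next_hop) pairs."""
    hits = [r for r in routes if ipaddress.ip_address(ip) in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

# access-list 101 as first posted, and as suggested in the first reply
acl_posted = (from_wildcard(f"192.168.{X}.0", "0.0.255.255"),
              from_wildcard(f"192.168.{Y}.0", "0.0.0.255"))
acl_reply = (from_wildcard(f"192.168.{X}.0", "0.0.0.255"),
             from_wildcard(f"192.168.{Y}.0", "0.0.0.255"))

# static routes as first posted, and as corrected in the last reply
routes_posted = [(from_netmask(f"192.168.{X}.0", "255.255.0.0"), "internal"),
                 (from_netmask(f"192.168.{Y}.0", "255.255.0.0"), "external")]
routes_fixed = [(from_netmask(f"192.168.{X}.0", "255.255.0.0"), "internal"),
                (from_netmask(f"192.168.{Y}.0", "255.255.255.0"), "external")]

if __name__ == "__main__":
    for name, (src, dst) in (("posted", acl_posted), ("reply", acl_reply)):
        print(f"ACL {name}: {src} -> {dst}, source covers destination: {src.overlaps(dst)}")
    print("posted routes, same prefix with two next hops:", colliding(routes_posted))
    print("fixed routes, 192.168.%d.5 via" % Y, lookup(routes_fixed, f"192.168.{Y}.5"))
```
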
