vpn problem

ytalibi
Level 1

I have a VPN between router A and router B.

The machines of site A are connected through a PIX 515.

I have 3 segments in site B: 20.x.x.x, 10.128.13.x and 10.128.20.x, which access the network 10.3.1.x in site A.

I can't ping 10.3.1.x from site B without initiating a ping from site A.

sh run:

crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key dialvpn address 10.3.0.9
!
!
crypto ipsec transform-set dialyset esp-des
 mode transport
!
crypto map dialymap local-address Tunnel0
crypto map dialymap 10 ipsec-isakmp
 set peer 10.3.0.9
 set transform-set dialyset
 match address 101
!
!
!
!
interface Loopback0
 ip address X.X.X.X
!
interface Tunnel0
 bandwidth 10000
 backup delay 5 5
 backup interface Dialer2
 ip address 10.3.0.10 255.255.255.252
 keepalive 5 3
 tunnel source X.X.X.X
 tunnel destination Y.Y.Y.Y
 crypto map dialymap
!
interface BRI0
 description connected to Internet
 no ip address
 ip nat outside
 encapsulation ppp
 dialer pool-member 1
 dialer pool-member 2
 isdn switch-type basic-net3
 no cdp enable
 crypto map dialymap
!
interface FastEthernet0
 description connected to EthernetLAN
 ip address 10.1.2.1 255.255.255.0
 ip nat inside
 speed auto
 half-duplex
 no cdp enable
!
interface Serial0
 bandwidth 64
 ip address 10.1.100.2 255.255.255.252
 no fair-queue
 crypto map dialymap
!
interface Serial1
 ip address 11.11.11.2 255.255.255.252
 ip nat outside
 no cdp enable
!
interface Dialer1
 description connected to Internet
 ip address 10.200.2.104 255.255.0.0
 ip nat outside
 encapsulation ppp
 no ip split-horizon
 dialer pool 1
 dialer idle-timeout 20
 dialer hold-queue 10
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname ditech
 ppp chap password 7 -- moderator edit --
 ppp pap sent-username -- moderator edit -- password 7 -- moderator edit --
 crypto map dialymap
!
interface Dialer2
 ip address 10.3.0.14 255.255.255.252
 encapsulation ppp
 dialer pool 2
 dialer idle-timeout 86400
 dialer-group 1
 ppp authentication chap
 ppp chap hostname dialy
 ppp chap password 7 -- moderator edit --
!
ip nat inside source static 10.1.2.8 131.107.0.23 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 0.0.0.0 0.0.0.0 Dialer1 150
ip route 10.3.1.0 255.255.255.240 10.1.2.32
ip route 20.1.1.0 255.255.255.0 10.3.0.9
ip route 20.1.1.0 255.255.255.0 Dialer2
ip route 10.128.13.13 255.255.255.255 10.3.0.9
ip route 10.128.13.13 255.255.255.255 Dialer2
ip route 10.128.20.21 255.255.255.255 10.3.0.9
ip route 10.128.20.21 255.255.255.255 Dialer2
no ip http server
ip http port 12337
ip pim bidir-enable
!
!
access-list 101 permit ip 10.3.1.0 0.0.0.15 20.1.1.0 0.0.0.255
access-list 101 permit ip 10.3.1.0 0.0.0.15 10.128.20.0 0.0.0.255
access-list 101 permit ip 10.3.1.0 0.0.0.15 10.128.23.0 0.0.0.255
access-list 101 permit ip 10.3.1.0 0.0.0.15 host 10.128.20.21
access-list 101 permit ip 10.3.1.0 0.0.0.15 host 10.128.13.13

1 Reply

ciscomoderator
Community Manager

Oftentimes complex configuration/troubleshooting issues are best addressed in an interactive session with one of our trained technical assistance engineers. While other forum users may be able to help, it’s often difficult to do so for this type of issue.

To utilize the resources at our Technical Assistance Center, please visit http://www.cisco.com/tac and to open a case with one of our TAC engineers, visit http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.