831 + VPN

preilly79
Level 1

Hi everybody. Hoping I can get an answer here as I'm completely stumped.

Below is the config of a router I was working on. I've attached a network diagram also. I want to configure the router in such a way that traffic bound for remote.host.ip is sent over the VPN and everything else gets sent to the internet. What is happening is traffic bound for and coming from the internet is fine, but traffic for remote.host.ip is not getting sent over the VPN. In fact, the VPN isn't even being created. Connectivity-wise everything seems fine, as I can ping the PIX from all interfaces.

Anyways, I'm stumped and would be hugely grateful if you could spare a minute to give it the once over in case I've done something obvious/stupid.

Building configuration...

Current configuration : 1859 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
enable password 7 xxxxxx
!
no aaa new-model
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key 0 xxxxxxx address remote.pix.ip
!
!
crypto ipsec transform-set pix-set esp-des esp-md5-hmac
!
crypto map pix 10 ipsec-isakmp
 set peer remote.pix.ip
 set transform-set pix-set
 match address 101
!
!
interface Ethernet0
 ip address 192.168.25.161 255.255.255.224
 ip nat inside
!
interface Ethernet1
 ip address 192.168.49.250 255.255.255.0
 ip nat outside
 duplex auto
 crypto map pix
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
ip default-gateway 192.168.49.254
ip nat inside source route-map nonat interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.49.254
ip route host.server.ip 255.255.255.255 remote.pix.ip
ip route remote.pix.ip 255.255.255.255 192.168.49.254
no ip http server
no ip http secure-server
!
access-list 101 permit ip 192.168.25.160 0.0.0.31 host remote.host.ip
access-list 150 deny ip 192.168.25.160 0.0.0.31 host remote.host.ip
access-list 150 permit ip 192.168.25.160 0.0.0.31 any
route-map nonat permit 10
 match ip address 150
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login
!
scheduler max-task-time 5000
!
end

router#
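Added example, not part of the original post or of any Cisco tooling: on IOS, inside-to-outside NAT is applied before the crypto map's ACL is checked, so any flow permitted by the crypto ACL (101 in the post) has to be denied by the NAT ACL (150, referenced by route-map nonat) before a permit entry reaches it. The Python sketch below runs that ordering check over the post's ACL lines; the address 203.0.113.10 is a constructed stand-in for the redacted remote.host.ip, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the post's ACL lines, with 203.0.113.10 standing in
# for the redacted "remote.host.ip" placeholder.
SAMPLE = """\
access-list 101 permit ip 192.168.25.160 0.0.0.31 host 203.0.113.10
access-list 150 deny ip 192.168.25.160 0.0.0.31 host 203.0.113.10
access-list 150 permit ip 192.168.25.160 0.0.0.31 any
"""
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) ip (.+)$")

def _take(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # Invert the IOS wildcard into a netmask; a non-contiguous wildcard
    # raises ValueError and is out of scope for this check.
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    mask = ipaddress.IPv4Address(wild ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{mask}", strict=False)

def parse_acls(config):
    """Return {acl_number: [(action, src, dst), ...]} in config order."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            tokens = m.group(3).split()
            src, dst = _take(tokens), _take(tokens)
            acls.setdefault(m.group(1), []).append((m.group(2), src, dst))
    return acls

def nat_leaks(config, crypto_acl="101", nat_acl="150"):
    """Crypto-ACL permits that the NAT ACL (150 in the post) could translate first."""
    acls, leaks = parse_acls(config), []
    for action, src, dst in acls.get(crypto_acl, []):
        if action != "permit":
            continue
        for n_action, n_src, n_dst in acls.get(nat_acl, []):
            if n_action == "deny" and src.subnet_of(n_src) and dst.subnet_of(n_dst):
                break  # whole flow exempted from NAT before any permit
            if n_action == "permit" and src.overlaps(n_src) and dst.overlaps(n_dst):
                leaks.append((str(src), str(dst)))  # translated before crypto
                break
    return leaks
```

With the ACL order as posted, nat_leaks(SAMPLE) returns an empty list; dropping the deny line or moving it below the permit makes the VPN flow show up as a leak. The check is conservative: a permit that only partly overlaps the flow is still reported.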

1 Reply

Fernando_Meza
Level 7

Are you still having this issue? Please post the config on your PIX to give you a hand!