04-28-2006 05:50 AM - edited 02-21-2020 12:51 AM
Hi everybody. Hoping I can get an answer here as I'm completely stumped.
Below is the config of a router I was working on. I've attached a network diagram also. I want to configure the router in such a way that traffic bound for remote.host.ip is sent over the VPN and everything else gets sent to the internet. What is happening is traffic bound for and coming from the internet is fine, but traffic for remote.host.ip is not getting sent over the VPN. In fact, the VPN isn't even being created. Connectivity-wise everything seems fine, as I can ping the PIX from all interfaces.
Anyways, I'm stumped and would be hugely grateful if you could spare a minute to give it the once-over in case I've done something obvious/stupid.
Building configuration...
Current configuration : 1859 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
enable password 7 xxxxxx
!
no aaa new-model
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key 0 xxxxxxx address remote.pix.ip
!
!
crypto ipsec transform-set pix-set esp-des esp-md5-hmac
!
crypto map pix 10 ipsec-isakmp
set peer remote.pix.ip
set transform-set pix-set
match address 101
!
!
interface Ethernet0
ip address 192.168.25.161 255.255.255.224
ip nat inside
!
interface Ethernet1
ip address 192.168.49.250 255.255.255.0
ip nat outside
duplex auto
crypto map pix
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
ip default-gateway 192.168.49.254
ip nat inside source route-map nonat interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.49.254
ip route host.server.ip 255.255.255.255 remote.pix.ip
ip route remote.pix.ip 255.255.255.255 192.168.49.254
no ip http server
no ip http secure-server
!
access-list 101 permit ip 192.168.25.160 0.0.0.31 host remote.host.ip
access-list 150 deny ip 192.168.25.160 0.0.0.31 host remote.host.ip
access-list 150 permit ip 192.168.25.160 0.0.0.31 any
route-map nonat permit 10
match ip address 150
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
!
end
router#
05-01-2006 10:45 PM
Are you still having this issue? Please post the config on your PIX to give you a hand!