Cisco Support Community

site to site vpn - help

Hi,

I've configured a site to site vpn between two 2811 routers, one local and another one remote.

I need to know if a PC connected to the remote LAN (192.168.10.0) can connect to the local LAN (192.168.2.0).

These are the routers' configurations:

Local:

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxx address xx.xx.xx.xx
!
crypto isakmp client configuration group xxxxxx
 key xxxxxx
 pool ippool
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
!
!
crypto map IPSEC_VPN isakmp authorization list groupauthor
crypto map IPSEC_VPN client configuration address respond
crypto map IPSEC_VPN 3 ipsec-isakmp
 set peer xx.xx.xx.xx
 set transform-set ESP-3DES-SHA
 match address 103
crypto map IPSEC_VPN 10 ipsec-isakmp dynamic dynmap
!
interface Tunnel1
 ip address 10.1.1.10 255.255.255.252
 keepalive 10 3
 tunnel source FastEthernet0/0
 tunnel destination xx.xx.xx.xx
!
interface Loopback0
 ip address 10.11.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0
 description Interface WAN
 ip address xxx.xxx.xxx.xxx 255.255.255.248
 ip access-group 14 out
 ip nat outside
 ip virtual-reassembly
 load-interval 30
 duplex auto
 speed auto
 crypto map IPSEC_VPN
!
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 load-interval 30
!
ip local pool ippool 192.168.2.11 192.168.2.15
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
ip route 192.168.10.1 255.255.255.0 10.1.1.9
!
ip http server
no ip http secure-server
ip nat inside source route-map primary interface FastEthernet0/0 overload
access-list 14 permit any
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
access-list 103 permit gre host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx
!
route-map primary permit 10
 match ip address 102
 match interface FastEthernet0/0
!
...

Remote:

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxx address xxx.xxx.xxx.xxx
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map IPSEC_VPN 3 ipsec-isakmp
 description IPSEC VPN
 set peer xxx.xxx.xxx.xxx
 set transform-set ESP-3DES-SHA
 match address 103
!
interface Tunnel3
 description vpn tunnel
 ip address 10.1.1.9 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 keepalive 10 3
 tunnel source Vlan1
 tunnel destination xxx.xxx.xxx.xxx
 crypto map IPSEC_VPN
!
!
interface Vlan1
 description Local HQ LAN
 ip address 192.168.10.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 crypto map IPSEC_VPN
!
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
ip route 192.168.2.0 255.255.255.0 10.1.1.10
!
ip http server
ip http authentication local
ip http secure-server
!
access-list 103 permit gre host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx
!
...

Please, could anybody help me?

Thanks in advance.

Regards.
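
A consistency check for the LAN-to-LAN static routes in the two configurations above, as an added example that is not part of the original post. It verifies that each route's prefix matches its mask, that the next hop is the peer's tunnel address, and that the destination is a LAN on the peer; the `interfaces` and `audit` helpers and the trimmed `LOCAL`/`REMOTE` excerpts are constructed here from lines quoted in the post.

```python
import ipaddress
import re

# Excerpts constructed from the interface and route lines quoted in the post.
LOCAL = """\
interface Tunnel1
 ip address 10.1.1.10 255.255.255.252
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
ip route 192.168.10.1 255.255.255.0 10.1.1.9
"""
REMOTE = """\
interface Tunnel3
 ip address 10.1.1.9 255.255.255.252
interface Vlan1
 ip address 192.168.10.1 255.255.255.0
ip route 192.168.2.0 255.255.255.0 10.1.1.10
"""

def interfaces(cfg):
    """Map interface name -> IPv4Interface for every addressed interface."""
    found, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
        m = re.match(r"\s+ip address (\S+) (\S+)", line)
        if m and current:
            found[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def audit(name, cfg, peer_cfg):
    """Return findings for this router's static routes towards the peer's LAN."""
    findings = []
    tunnels = [i for n, i in interfaces(cfg).items() if n.startswith("Tunnel")]
    peer = interfaces(peer_cfg)
    peer_tunnel_ips = {i.ip for n, i in peer.items() if n.startswith("Tunnel")}
    peer_lans = {i.network for n, i in peer.items() if not n.startswith("Tunnel")}
    for prefix, mask, hop in re.findall(r"^ip route (\S+) (\S+) (\S+)$", cfg, re.M):
        try:
            net = ipaddress.ip_network(f"{prefix}/{mask}")  # strict: no host bits
        except ValueError:
            findings.append(f"{name}: route {prefix} {mask} has host bits set")
            net = ipaddress.ip_network(f"{prefix}/{mask}", strict=False)
        hop_ip = ipaddress.ip_address(hop)
        if hop_ip not in peer_tunnel_ips or not any(hop_ip in t.network for t in tunnels):
            findings.append(f"{name}: next hop {hop} is not the peer's tunnel address")
        if net not in peer_lans:
            findings.append(f"{name}: {net} is not a LAN on the peer")
    return findings
```

On these excerpts `audit("local", LOCAL, REMOTE)` reports only the prefix/mask mismatch in `ip route 192.168.10.1 255.255.255.0 10.1.1.9`, and `audit("remote", REMOTE, LOCAL)` reports nothing.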
