Cisco Support Community
Community Member

VPN Tunnel issue between Cisco 877W and UC520

Hi,

I have configured a site-to-site VPN connection between the head office UC520 and the remote site Cisco 877W. I can see the tunnel is up, but the issue is that I cannot talk to the subnet sitting behind the tunnel from either site. Your assistance would be appreciated.

Below is the crypto config:

HO

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TS esp-aes esp-sha-hmac
!
crypto map MOBILE_VPN 10 ipsec-isakmp
 set peer (REMOTE WAN ADDRESS)
 set transform-set TS
 match address 199
!
ip nat inside source list 198 interface Dialer0 overload
!
access-list 198 deny   ip 192.168.10.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 198 deny   ip 10.1.10.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 198 deny   ip 10.1.1.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 198 permit ip 192.168.10.0 0.0.0.255 any
access-list 198 permit ip 10.1.10.0 0.0.0.3 any
access-list 198 permit ip 10.1.1.0 0.0.0.255 any
!
access-list 199 permit ip 192.168.10.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 199 permit ip 10.1.10.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 199 permit ip 10.1.1.0 0.0.0.255 192.168.90.0 0.0.0.255

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key Secret KEY address (REMOTE WAN ADDRESS)
!

BRANCH

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key Secret KEY address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TS esp-aes esp-sha-hmac
!
!
!
crypto map MOBILE_VPN 10 ipsec-isakmp
 set peer (HO WAN IP Address)
 set transform-set TS
 match address 199
!
ip nat inside source list 198 interface Dialer0 overload
!
access-list 198 deny   ip 192.168.90.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 198 deny   ip 192.168.90.0 0.0.0.255 10.1.10.0 0.0.0.255
access-list 198 deny   ip 192.168.90.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 198 permit ip 192.168.90.0 0.0.0.255 any
!
access-list 199 permit ip 192.168.90.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 199 permit ip 192.168.90.0 0.0.0.255 10.1.10.0 0.0.0.255
access-list 199 permit ip 192.168.90.0 0.0.0.255 10.1.1.0 0.0.0.255

1 REPLY
Community Member

Re: VPN Tunnel issue between Cisco 877W and UC520

Hi, I have found the issue: the NAT was blocking the routing.
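
The reply does not say which NAT statement was at fault. As an added example (not part of the original thread), this Python script checks one condition relevant to the symptom: that every flow permitted by the crypto ACL is denied by the NAT ACL before any permit matches. `HO_BROKEN` is a constructed variant, and the function names and verdict labels are assumptions of this example.

```python
import ipaddress
# ACLs 198 (NAT) and 199 (crypto map) as posted for the HO router.
HO_POSTED = """\
access-list 198 deny   ip 192.168.10.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 198 deny   ip 10.1.10.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 198 deny   ip 10.1.1.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 198 permit ip 192.168.10.0 0.0.0.255 any
access-list 198 permit ip 10.1.10.0 0.0.0.3 any
access-list 198 permit ip 10.1.1.0 0.0.0.255 any
access-list 199 permit ip 192.168.10.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 199 permit ip 10.1.10.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 199 permit ip 10.1.1.0 0.0.0.255 192.168.90.0 0.0.0.255
"""
# Constructed variant (not from the thread): third line, the 10.1.1.0/24 deny, removed.
HO_BROKEN = "\n".join(l for i, l in enumerate(HO_POSTED.splitlines()) if i != 2)

def _net(tok):
    """Consume 'any' or 'address wildcard'; ip_network() accepts the wildcard mask."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_acls(config):
    """Return {acl_id: [(action, src_net, dst_net), ...]} for numbered 'ip' ACEs."""
    acls = {}
    for tok in map(str.split, config.splitlines()):
        if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
            continue
        src, rest = _net(tok[4:])
        dst, _ = _net(rest)
        acls.setdefault(tok[1], []).append((tok[2], src, dst))
    return acls

def nat_exemption(acls, nat_id, crypto_id):
    """First-match verdict of the NAT ACL for each flow the crypto ACL permits."""
    report = {}
    for src, dst in [(s, d) for a, s, d in acls[crypto_id] if a == "permit"]:
        verdict = "exempt"  # falls through to the implicit deny: not translated
        for n_action, n_src, n_dst in acls[nat_id]:
            if not (src.overlaps(n_src) and dst.overlaps(n_dst)):
                continue
            covered = src.subnet_of(n_src) and dst.subnet_of(n_dst)
            verdict = "translated" if n_action == "permit" else "exempt" if covered else "partial"
            break
        report[f"{src} -> {dst}"] = verdict
    return report

if __name__ == "__main__":
    for name, cfg in (("posted", HO_POSTED), ("constructed", HO_BROKEN)):
        print(name, nat_exemption(parse_acls(cfg), "198", "199"))
```

A "translated" or "partial" verdict means some tunnel-bound traffic would be rewritten to the Dialer0 address before the crypto map sees it, so it no longer matches ACL 199. The check covers only the dynamic NAT ACL; other NAT statements on the router are outside its scope.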
