I was tasked with building a Site to Site with a partner vendor, and after exchanging information such as peer address, PSK, etc., I started to build my end of the tunnel. The way the topology is set up is that I have an 871 ISR behind a broadband business class router that currently is allowing unrestricted access out to the internet.

After configuring the tunnel, I can't seem to ping my peer address when I apply access-list 100 to the int fa4 (outside WAN), but I can ping when access-list 102 is applied. Am I doing something wrong? It would be great if someone out there could give me some feedback on this. Below are the commands I implemented on the router. Thanks in advance guys!

My Internal = 172.28.3.1/24
My Public = 220.127.116.11
Peer Internal = 18.104.22.168
Peer Public = 22.214.171.124
access-list 100 permit ip 172.28.3.0 0.0.0.255 126.96.36.199 0.0.0.15
access-list 100 deny ip any any
ip nat inside source list 100 interface FastEthernet4 overload

The crypto-ACL that defines the traffic that should be sent through VPN is not meant to be applied to an interface. The Interface-ACL should include anything you had before in the ACL and the IPSec-Traffic between the two peers (IP/50 and UDP/500).
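
The check described in the reply above, as an added example that is not part of the original thread: a small Python audit that reads an IOS configuration and reports when an ACL referenced by a crypto map is also bound to an interface, and when an interface ACL has no permit for ESP (IP/50) and IKE (UDP/500). The sample configuration is constructed; the addresses are documentation ranges, and the names `VPNMAP` and ACL 110 are hypothetical.

```python
import re

# Constructed sample config: documentation addresses, hypothetical names.
SAMPLE = """\
access-list 100 permit ip 172.28.3.0 0.0.0.255 192.0.2.0 0.0.0.15
access-list 100 deny ip any any
access-list 110 permit esp host 203.0.113.2 host 198.51.100.1
access-list 110 permit udp host 203.0.113.2 host 198.51.100.1 eq isakmp
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 match address 100
interface FastEthernet4
 ip access-group 100 in
 crypto map VPNMAP
"""

def audit(config):
    """Return findings about crypto ACLs and interface ACLs in an IOS config."""
    acl_lines = {}       # ACL number -> list of entry bodies
    crypto_acls = set()  # ACLs referenced by "match address" in a crypto map
    bound = {}           # interface name -> ACLs applied with ip access-group
    section = ""         # current top-level command (unindented line)
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            section = line
        m = re.match(r"access-list (\d+) (.+)", line)
        if m:
            acl_lines.setdefault(m.group(1), []).append(m.group(2))
        m = re.match(r"match address (\S+)", line)
        if m and section.startswith("crypto map"):
            crypto_acls.add(m.group(1))
        m = re.match(r"ip access-group (\S+) (in|out)", line)
        if m and section.startswith("interface"):
            bound.setdefault(section.split()[1], set()).add(m.group(1))
    findings = []
    for iface, acls in sorted(bound.items()):
        for acl in sorted(acls):
            if acl in crypto_acls:
                findings.append(f"{iface}: crypto ACL {acl} applied as interface ACL")
            entries = acl_lines.get(acl, [])
            has_esp = any(e.startswith("permit esp") for e in entries)
            has_ike = any(re.match(r"permit udp .* eq (isakmp|500)$", e) for e in entries)
            if not (has_esp and has_ike):
                findings.append(f"{iface}: ACL {acl} lacks a permit for ESP (IP/50) or IKE (UDP/500)")
    return findings
```

On the constructed sample, both findings fire for FastEthernet4; binding the hypothetical ACL 110 to the interface instead clears them.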