12-23-2005 06:57 AM
The tunnel is active and a ping from the 871 LAN to the 91 LAN goes through the tunnel (the 91 receives the packets), but the 871 LAN receives nothing (the 91 sends the packets through the tunnel).
The 91 has three other good working tunnels with other routers.
I'm sure the fault is on the 871, but I can't find it.
Please help.
Best regards,
Alex
Relevant info of the config on the 871:
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key *** address 82.x.x.38
crypto ipsec transform-set cryptoset esp-3des esp-md5-hmac
!
crypto map VPNLan 20 ipsec-isakmp
 set peer 82.170.117.38
 set transform-set cryptoset
 match address 115
!
!
!
interface Loopback0
 ip address 1.1.x.x.x.255.0
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 ip address 193.173.x.x.x.255.248
 ip access-group 101 in
 ip verify unicast reverse-path
 ip inspect DEFAULT100 out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 crypto map VPNLan
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.x.x.x.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
ip nat inside source route-map vpnnonat interface FastEthernet4 overload
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 194.151.228.34 eq domain host 193.173.97.158
access-list 101 permit udp host 194.151.228.18 eq domain host 193.173.97.158
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any traceroute
access-list 101 permit tcp any any eq 22
access-list 101 permit esp any any
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any any eq 10000
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any any eq 139
access-list 101 permit udp any any eq netbios-ns
access-list 101 permit udp any any eq netbios-dgm
access-list 101 permit gre any any
access-list 101 remark *** ACCESS FOR LOCAL NETWORKS
access-list 101 permit ip 192.168.30.0 0.0.0.255 any
access-list 101 permit ip host 82.170.117.38 any
access-list 101 permit ip host 82.170.117.35 any
access-list 101 remark *** DENY THE REST
access-list 101 deny ip any any
access-list 115 remark *** encrypt private to private traffic
access-list 115 remark *** to argobest
access-list 115 permit ip 192.168.14.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 115 deny ip 192.168.14.0 0.0.0.255 any
access-list 116 remark *** except private to private traffic from nat
access-list 116 remark *** to argobest
access-list 116 deny ip 192.168.14.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 116 permit ip 192.168.14.0 0.0.0.255 any
access-list 117 remark *** private to private traffic through loopback
access-list 117 remark *** to argobest
access-list 117 permit ip 192.168.14.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 117 deny ip 192.168.14.0 0.0.0.255 any
no cdp run
route-map vpnnonat permit 20
 match ip address 116
!
route-map nonat permit 10
 match ip address 117
 set ip next-hop 1.1.1.2
12-24-2005 03:11 AM
The problem is not the Cisco router, but the la-110 from RAD Data Communications. I found on a Dutch forum that the firewall is on, although it's off. You have to add two rules on the la-110 and the Cisco will have no problems at all.
It's only possible via the www-interface, and for me it's impossible to get there, because I'm not there.
Now my question:
I'd like to put a port forwarding on the Cisco to the la-110. That's outside to outside. Is that possible?