These are connected with a patch cable from the WAN port on the WG to the E0 interface on the 1700.
We have attempted to setup the IPSEC tunnel but cannot get it to pass traffic. Here is the config:
Test#sh conf Using 1392 out of 29688 bytes ! ! Last configuration change at 07:01:19 UTC Mon Aug 25 2008 ! NVRAM config last updated at 07:01:24 UTC Mon Aug 25 2008 ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Test ! boot-start-marker boot-end-marker ! enable secret 5 $1$KBPN$M5mJjH.fXh/pVoEmzEsvp0 enable password cisco ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 no aaa new-model ip subnet-zero no ip routing ! ! ! no ip cef ip audit po max-events 100 no ftp-server write-enable ! ! ! ! ! crypto isakmp policy 5 encr 3des authentication pre-share group 2 crypto isakmp key random address 184.108.40.206 ! ! crypto ipsec transform-set randomset esp-3des esp-sha-hmac ! crypto map CISCO 10 ipsec-isakmp set peer 220.127.116.11 set transform-set randomset set pfs group2 match address 101 ! ! ! interface Ethernet0/0 ip address 18.104.22.168 255.255.255.0 no ip route-cache half-duplex crypto map CISCO ! interface FastEthernet0/0 ip address 10.200.20.1 255.255.255.0 no ip route-cache speed auto full-duplex ! ip classless ip route 0.0.0.0 0.0.0.0 22.214.171.124 ip route 10.200.20.0 255.255.255.0 126.96.36.199 no ip http server no ip http secure-server ! ! access-list 101 permit ip 10.200.20.0 0.0.0.255 10.200.1.0 0.0.0.255 ! ! line con 0 line aux 0 line vty 0 4 password cisco login ! end
The tunnel shows that it's active on the WG but we are unable to pass any traffic. If I ping from a computer on the 10.200.1.0 network I am unable to get a reply.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...