Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Site to Site VPN is up but no traffic gets through.

Hi there.  I'm sure this comes up a lot but I am tearing my hear out and don't have the required cisco skills to troubleshoot this problem.  I am hoping someone here may spot what is wrong in my configuration.

Using the Cisco Configuration Professional software I have created a site to site VPN connection (between a cisco 1841 and 1811).

The tunnel appears to be up as far as the routers are concerned, but I am unable to ping anything on the remote networks. I thought route maps may have had something to do with this but I cant see what is worng with them.

Just so you know, the 1841 device already has a functioning VPN tunnel to another site, in case that confuses anyone.  The peers I am concerned about are 141.0.59.x and 109.238.78.x.

Many thanks.

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Site to Site VPN is up but no traffic gets through.

Hi Haydin,

You have the following:

ip access-list extended port-forwards

deny   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

permit ip 192.168.1.0 0.0.0.255 any

!

Not sure why you have the whole network in there with the any keyword, you better create a static one to one translation.

Could you please take it out and give it a try?

ip access-list extended port-forwards

     no permit ip 192.168.1.0 0.0.0.255 any

Thanks in advance.

12 REPLIES
New Member

Site to Site VPN is up but no traffic gets through.

Actually it may be working.  I might be being a bit dense.  I didn't consider which address my router was pinging from when I tested this.  Fingers crossed it looks like its actually working.

Site to Site VPN is up but no traffic gets through.

Hello Haydn,

I just went through both configuations and they both look perfect ( Crypto ACLs, NAT, IPSEC parameters,Isakmp parameters,etc)

Let me know if this is indeed working or if you need some assistance as I will require you to run some debugs,

Regards,

Julio

Rate all the helpful posts

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com

Re: Site to Site VPN is up but no traffic gets through.

Hi there

I agree with Julio (5 stars), so far so good.

Let us know if you run into any issues.

Rate any post you find useful.

New Member

Re: Site to Site VPN is up but no traffic gets through.

Thanks for the replies.

Seems there may still be some issues.  Once this VPN connection is created, machines on the local subnets loose their ability to comunicate with the internet.  It seems they are only able to comunicate over the local subnet and the site to site VPN. 

Very odd.

I will have a chance to test it properly tomorrow, once I am onsite.

Re: Site to Site VPN is up but no traffic gets through.

Hello Haydn,

On witch router does that happen ( users cannot communicate across the internet) so we can focus and work on that?

Regards

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Re: Site to Site VPN is up but no traffic gets through.

It appears to be happening on both the routers.  I am going to double check this later tonight.  Unfortunatly, as one of the offices is live, I cannot play around with this during the day.

Many thanks again for your help.

New Member

Re: Site to Site VPN is up but no traffic gets through.

Hey,

Your problem may be related to your routing table.

Looking at the config of the router 1811 you have "ip route 0.0.0.0 0.0.0.0 141.0.59.x" which is correct for internet traffic.

Try pinging a public IP using the internal interface as source like:"ping 8.8.8.8 source Fastethernet1" and see if it works.

if it isn't the routing I guess it will be an access list that you created while creating the VPN.

HTH,

Fabio

Site to Site VPN is up but no traffic gets through.

Hi,

I agree with Fabio.

The routing portion seems to be OK, unless I am overlooking at something it should be working fine.

Please try it and let me know.

New Member

Re: Site to Site VPN is up but no traffic gets through.

Interestingly I tried the site to site again today and the 1811 device could quite happily communicate over the VPN and over the WAN.  Only the 1841 was having problems.  Could you look at the configuration of the routing on the 1841 device.  I don't actually configure this one (was originally managed by the ISP) and it all looks rather messy,  Unfortunately the ISP now refuse to touch the thing which is rather nightmarish.

Re: Site to Site VPN is up but no traffic gets through.

Hi Haydin,

You have the following:

ip access-list extended port-forwards

deny   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

permit ip 192.168.1.0 0.0.0.255 any

!

Not sure why you have the whole network in there with the any keyword, you better create a static one to one translation.

Could you please take it out and give it a try?

ip access-list extended port-forwards

     no permit ip 192.168.1.0 0.0.0.255 any

Thanks in advance.

New Member

Re: Site to Site VPN is up but no traffic gets through.

You sir are a gentleman and a scholar.  I think I want to have your babies.

I will mark yours as the answer in a few minutes.  Once I know I'm not seeing things.

Re: Site to Site VPN is up but no traffic gets through.

Wow what a nice comment!!! :$ hahaha

Feel free to count on us at any time ;-)

Take care

1013
Views
20
Helpful
12
Replies