Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

UC520 Site-to-Site VPN

Hi there,

We are trying to connect to UC520 devices to eachother with an site-to-site ipsec VPN. The one site has LAN range 192.168.2.x and the other site has LAN range 192.168.1.x We followed many articles but the result is that the tunnel will not get up and there is no traffic flow between both sites. Enclosed i have the configuration of the tunnels. What could be the problem ?

2 REPLIES
Silver

Re: UC520 Site-to-Site VPN

Your issue, I think, has to do with NAT.

you need to disable NAT at both location,

something like this:

site A: access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

ip nat inside source list 100 inteface F0/0 overload

site B: access-list 100 deny ip192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

ip nat inside source list 100 inteface F0/0 overload

once you've done that, do "clear ip nat trans *" and try again. It will work this time. The purpose of access-list 100 is to tell both site A and site B, when communicating with each other, do NOT NAT,

New Member

Re: UC520 Site-to-Site VPN

Thanks for the reply. I put the extra lines in the configuration but the tunnel is not coming up at all. When i do sh crypto isakmp sa the device shows me nothing and when i do sh crypto ipsec sa there is no connectivity. What could be the problem ?

360
Views
0
Helpful
2
Replies
CreatePlease to create content