Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

access two segment via vpn

Hi,

We find that we can ping 192.168.100.0 segment but we cannot ping 192.168.101.0 segment in HK. how can we access two segment in HK via VPN? please advise

enclosed the config for your refer.

------

hk

!

crypto isakmp key owt address 203.x.x.x

crypto map mymap 104 ipsec-isakmp

description VPN from 192.168.31.0 segment to tw 192.168.100.0/23 segment

set peer 203.x.x.x

set transform-set myset

match address 104

access-list 104 permit ip 192.168.31.0 0.0.0.255 192.168.100.0.0 0.0.1.255

----

tw

! 192.168.100.1

crypto isakmp key owt address 200.x.x.x

crypto map mymap 104 ipsec-isakmp

description VPN to to hk

set peer 200.x.x.x.

set transform-set myset

match address 104

access-list 104 permit ip 192.168.100.0 0.0.1.255 192.168.31.0 0.0.0.255

interface GigabitEthernet0/1

ip address 192.168.100.1 255.255.255.0

interface GigabitEthernet0/2

ip address 192.168.101.1 255.255.255.0

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: access two segment via vpn

Hi

Just add an extra line to your crypto access-list ie.

hk

access-list 104 permit ip 192.168.31.0 0.0.0.255 192.168.101.0.0 0.0.1.255

tw

access-list 104 permit ip 192.168.101.0 0.0.1.255 192.168.31.0 0.0.0.255

HTH

Jon

2 REPLIES
Hall of Fame Super Blue

Re: access two segment via vpn

Hi

Just add an extra line to your crypto access-list ie.

hk

access-list 104 permit ip 192.168.31.0 0.0.0.255 192.168.101.0.0 0.0.1.255

tw

access-list 104 permit ip 192.168.101.0 0.0.1.255 192.168.31.0 0.0.0.255

HTH

Jon

New Member

Re: access two segment via vpn

thank, it is working

108
Views
0
Helpful
2
Replies