Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

IPSEC VPN Tunnel establishment problems

Hi Guys,

Having a few issues getting an IPSEC VPN tunnel established - can someone please look at the configs and see any errors? Also, I have included an isakmp debug from the main router which shows it connects but doesnt establish the connection. When I ping from the branch router I get no isakmp debugging messages. Thanks in advance,

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: IPSEC VPN Tunnel establishment problems

Hello Matt,

you are doing NAT too.

you need to change your NAT config on the branch so that:

traffic to the main site is not NATTED

NAT has to reference a route-map that uses an extended ACL

access-list 160 deny ip 34.92.128.0 0.0.3.255 34.92.148.0 0.0.3.255

access-list 160 permit ip 34.92.128.0 0.0.3.255 any

route-map NAT_to_Internet permit 10

match ip address 160

ip nat inside route-map NAT_to_Internet interface Dialer1 overload

Hope to help

Giuseppe

1 REPLY
Hall of Fame Super Silver

Re: IPSEC VPN Tunnel establishment problems

Hello Matt,

you are doing NAT too.

you need to change your NAT config on the branch so that:

traffic to the main site is not NATTED

NAT has to reference a route-map that uses an extended ACL

access-list 160 deny ip 34.92.128.0 0.0.3.255 34.92.148.0 0.0.3.255

access-list 160 permit ip 34.92.128.0 0.0.3.255 any

route-map NAT_to_Internet permit 10

match ip address 160

ip nat inside route-map NAT_to_Internet interface Dialer1 overload

Hope to help

Giuseppe

107
Views
0
Helpful
1
Replies
CreatePlease to create content