
Route from 1800 series VPN tunnel to internet through 3640 series

wayne1wilkes
Level 1



I have a Cisco 1800 series with a VPN Tunnel to my primary network.

I have a Cisco 3640 Series as the main router at the primary location, with 6 FastEthernet interfaces. The internal network is 10.0.0.0 255.255.0.0, and the interface on the Cisco, FE0/0, is 10.0.0.2. Fiber to the Internet is connected to FastEthernet 169.254.1.2 on the 3640. Other interfaces on the 3640: 172.x.x.x, 192.x.x.x, 163.x.x.x and 169.x.x.x. All routing from the internal network works well to all interfaces, and all 10.0.0.0 traffic can access the internet.

I've added the second router at the location for a VPN connection, and the tunnel works well (see config below; addresses, pw, and psk changed for privacy). A computer on the far side of the tunnel is 10.0.20.x and can access all devices on this side's 10.0.0.0 network, and FE0/0 on the 1800 is 10.0.0.100. However, no tunnel traffic can get to the internet through the 3640 (10.0.0.2), as there is no route to get 10.0.20.x traffic to 10.0.0.2 if it is looking for an internet address.

I tested a specific address and added a route for it to the 1800, and it works to get to the internet. I can't add all IP addresses as routes for the internet, and there has to be an easy way to resolve this by sending any 10.0.20.x traffic looking for an internet address to 10.0.0.2. Interface FastEthernet0/0 on the 1800 (IP address 10.0.0.100 255.255.0.0) is directly connected to a switch on the 10.0.0.0 network (inside).

Here is the 1800 cfg:

SCSOBCO#sh run
Building configuration...

Current configuration : 1832 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SCSOBCO
!
boot-start-marker
boot-end-marker
!
enable secret
enable password
!
no aaa new-model
!
resource policy
!
ip cef
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key ******** address 51.22.184.247
!
!
crypto ipsec transform-set BCO-TSET esp-3des esp-md5-hmac
mode transport
!
crypto map BCO-MAP 10 ipsec-isakmp
set peer 51.22.184.247
set transform-set BCO-TSET
match address 172
!
interface Tunnel0
ip address 10.20.20.22 255.255.255.252
tunnel source 51.22.133.22
tunnel destination 51.22.184.247
!
interface FastEthernet0/0
ip address 10.0.0.100 255.255.0.0
ip nat inside
ip virtual-reassembly
speed auto
half-duplex
no mop enabled
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 51.22.133.22 255.255.255.252
ip nat outside
ip virtual-reassembly
encapsulation ppp
no fair-queue
crypto map BCO-MAP
!
router bgp 65505
no synchronization
bgp router-id 10.20.20.22
bgp log-neighbor-changes
neighbor 10.20.20.21 remote-as 22394
neighbor 10.20.20.21 default-originate
neighbor 10.20.20.21 soft-reconfiguration inbound
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 51.22.133.21
!
!
ip http server
no ip http secure-server
!
no logging trap
access-list 100 permit ip any any
access-list 172 permit gre host 51.22.133.22 host 51.22.184.247
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password
login
!
scheduler allocate 20000 1000
end

SCSOBCO#


gatlin007
Level 4

Are you using 10.0.0.0/16 at both locations for their respective LANs?



Chris
