Hello Community,
VPN over IPSec (Site-2-Site)
Here is the Configuration of the Cisco 1841 Router:
//Login Credentials
enable secret xxxxxx
username admin privilege 15 password xxxxxx
//ACL for VPN and NAT
access-list 102 permit ip 192.168.192.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 102 permit ip 192.168.192.0 0.0.0.255 172.20.0.0 0.0.0.255
access-list 150 deny ip 192.168.192.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 150 deny ip 192.168.192.0 0.0.0.255 172.20.0.0 0.0.0.255
access-list 150 permit ip 192.168.192.0 0.0.0.255 any
//ACL
ip access-list extended inboundfilter
 evaluate reflectacl
 permit udp any host <<WANIP>> eq isakmp
 permit tcp any host <<WANIP>> eq 22
 permit icmp any host <<WANIP>>
!
ip access-list extended outboundfilter
 permit ip any 192.168.0.0 0.0.255.255 reflect reflectacl
 permit ip any 172.20.0.0 0.0.0.255 reflect reflectacl
 deny udp 192.168.XXX.0 0.0.0.255 any
 permit ip any any reflect reflectacl
//VPN settings
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxxx address xxxx.xxx.xxx.226
crypto isakmp keepalive 30
crypto ipsec transform-set SET esp-aes esp-sha-hmac
crypto map B2B 10 ipsec-isakmp
 description b2b-fw-ushou-1
 set peer xxx.xxx.xxx.xxx
 set security-association lifetime seconds 86400
 set transform-set SET
 match address 102
//Interface configuration
interface FastEthernet0/0
 description wan_primary
 ip access-group inboundfilter in
 ip access-group outboundfilter out
 crypto map B2B
interface FastEthernet0/1
 ip nat inside
route-map nonat permit 10
 match ip address 150
ip nat inside source route-map nonat interface FastEthernet0/0 overload
The Cisco 1841 router should use the AAA authentication method for SSH. But the router cannot ping over the VPN into the remote LAN. The router cannot reach the RADIUS server. Does anybody have an idea how to solve this issue?
Best Regards
Markus Thun
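As an added example (not part of Markus's post and not a Cisco tool), the following Python script applies the wildcard-mask semantics of the posted numbered ACLs 102 (crypto map match) and 150 (NAT exemption route-map) to sample flows: a LAN host reaching the remote LAN, a LAN host reaching the Internet, and traffic sourced from the router's own WAN address. The WAN address 203.0.113.10 and the remote hosts are constructed placeholders. The script only understands the numbered `access-list` lines from the post, not the named reflexive ACLs.

```python
"""Evaluate Cisco numbered ACLs with wildcard masks against sample flows."""
import ipaddress
from dataclasses import dataclass

# ACL 102 and ACL 150 copied from the posted configuration. Only numbered
# 'access-list N permit|deny <proto> <src> <wild> <dst> <wild>' lines are handled.
POSTED_ACLS = """
access-list 102 permit ip 192.168.192.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 102 permit ip 192.168.192.0 0.0.0.255 172.20.0.0 0.0.0.255
access-list 150 deny ip 192.168.192.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 150 deny ip 192.168.192.0 0.0.0.255 172.20.0.0 0.0.0.255
access-list 150 permit ip 192.168.192.0 0.0.0.255 any
"""


@dataclass(frozen=True)
class Ace:
    action: str      # "permit" or "deny"
    proto: str       # "ip", "tcp", "udp", ...
    src: int
    src_wild: int
    dst: int
    dst_wild: int


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def _parse_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D W.W.W.W'."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return _ip(tokens[1]), 0, tokens[2:]
    return _ip(tokens[0]), _ip(tokens[1]), tokens[2:]


def parse_numbered_acls(config: str) -> dict:
    """Group numbered access-list entries by ACL number, preserving order."""
    acls = {}
    for line in config.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "access-list":
            continue
        number, action, proto = parts[1], parts[2], parts[3]
        src, src_wild, rest = _parse_addr(parts[4:])
        dst, dst_wild, _ = _parse_addr(rest)
        acls.setdefault(number, []).append(
            Ace(action, proto, src, src_wild, dst, dst_wild))
    return acls


def wildcard_match(addr: int, base: int, wild: int) -> bool:
    """Cisco wildcard: a 1 bit means 'don't care', so compare only the 0 bits."""
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)


def evaluate(acl, proto: str, src: str, dst: str) -> str:
    """First matching entry wins; every ACL ends with an implicit 'deny'."""
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if (wildcard_match(_ip(src), ace.src, ace.src_wild)
                and wildcard_match(_ip(dst), ace.dst, ace.dst_wild)):
            return ace.action
    return "deny"


def classify_flow(acls, src: str, dst: str, proto: str = "ip") -> dict:
    """Apply the two ACLs the way the posted config wires them:
    102 selects traffic for the crypto map, 150 selects traffic for NAT."""
    return {
        "encrypt": evaluate(acls["102"], proto, src, dst) == "permit",
        "nat": evaluate(acls["150"], proto, src, dst) == "permit",
    }


ACLS = parse_numbered_acls(POSTED_ACLS)

if __name__ == "__main__":
    # 203.0.113.10 is a constructed stand-in for the router's own WAN address.
    for src, dst in [("192.168.192.10", "192.168.5.20"),
                     ("192.168.192.10", "8.8.8.8"),
                     ("203.0.113.10", "192.168.5.20")]:
        print(f"{src} -> {dst}: {classify_flow(ACLS, src, dst)}")
```

The third flow shows the point worth checking when troubleshooting the symptom above: only flows sourced from 192.168.192.0/24 are selected by ACL 102, so a packet the router originates from its WAN address toward the remote LAN matches neither the crypto map nor the NAT route-map. A ping issued from the router with `source FastEthernet0/1` (or the RADIUS client bound to an inside source interface) would fall inside ACL 102; a ping without a source option would not.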