
Can't generate interesting traffic

pkluss
Level 1

THIS MESSAGE HAS BEEN MOVED TO THE VPN MESSAGE BOARDS. PLEASE RESPOND THERE.

================================================================================

Why does the following config not generate any interesting traffic when I ping 10.40.10.117 from 192.168.100.161?

I have crypto debugging on and there doesn't seem to be any attempt to bring up the tunnel. I would love to hear any insight into this problem.

Thanks.

-pk

(I cut out parts I felt were insignificant to the problem.)

---------------------------------------

name 192.168.100.161 Phil

object-group network AddressesAllowed

description These are addresses that are allowed through the VPN firewall.

network-object 10.40.10.118 255.255.255.255

network-object 10.40.110.71 255.255.255.255

network-object 10.48.10.37 255.255.255.255

network-object 10.48.10.38 255.255.255.255

network-object 192.168.41.31 255.255.255.255

network-object 192.168.41.32 255.255.255.255

network-object 10.46.0.15 255.255.255.255

network-object 10.46.0.19 255.255.255.255

network-object 10.40.10.117 255.255.255.255

network-object 10.46.0.1 255.255.255.255

access-list polnat161 permit ip host Phil object-group AddressesAllowed

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 10.44.3.161 access-list polnat161 0 0

sysopt connection permit-ipsec

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto map outside_map 40 ipsec-isakmp

crypto map outside_map 40 match address polnat161

crypto map outside_map 40 set peer 21.54.52.112

crypto map outside_map 40 set transform-set ESP-3DES-SHA

crypto map outside_map 40 set security-association lifetime seconds 21600 kilobytes 4608000

crypto map outside_map interface outside

isakmp enable outside

isakmp key ******** address 21.54.52.112 netmask 255.255.255.255 no-xauth no-config-mode

isakmp identity address

isakmp policy 40 authentication pre-share

isakmp policy 40 encryption 3des

isakmp policy 40 hash sha

isakmp policy 40 group 2

isakmp policy 40 lifetime 3600

1 Reply

abinjola
Cisco Employee

Add:

access-list inside_outbound_nat0_acl permit ip host 192.168.100.161 host 10.40.10.117

access-list inside_outbound_nat0_acl permit ip host 192.168.100.161 host 10.40.10.118

access-list inside_outbound_nat0_acl permit ip host 192.168.100.161 host 10.40.10.31

access-list inside_outbound_nat0_acl permit ip host 192.168.100.161 host 10.40.10.37

access-list inside_outbound_nat0_acl permit ip host 192.168.100.161 host 10.40.10.38

Now ping. Let me know what happens.
