Cisco Router 1841 AAA authentication over VPN

Markus Thun
Level 1

Hello Community,

[image: example.JPG (topology diagram)]

VPN over IPsec (site-to-site)

Here is the configuration of the Cisco 1841 router:

! Login credentials
enable secret xxxxxx
! Note: 'password' stores the credential reversibly (type 7);
! 'username admin privilege 15 secret xxxxxx' stores a hash instead.
username admin privilege 15 password xxxxxx
!
! ACL 102: interesting traffic for the VPN (matched by the crypto map)
access-list 102 permit ip 192.168.192.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 102 permit ip 192.168.192.0 0.0.0.255 172.20.0.0 0.0.0.255
! ACL 150: NAT exemption, VPN destinations are denied (not translated), all else is NATed
access-list 150 deny   ip 192.168.192.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 150 deny   ip 192.168.192.0 0.0.0.255 172.20.0.0 0.0.0.255
access-list 150 permit ip 192.168.192.0 0.0.0.255 any
!
! Interface ACLs: inbound permits only reflexive return traffic plus IKE, IPsec, SSH and ICMP
ip access-list extended inboundfilter
 evaluate reflectacl
 permit udp any host <<WANIP>> eq isakmp
 ! added: permit the ESP data path explicitly, so inbound IPsec does not depend on a
 ! reflexive entry created by earlier outbound traffic
 permit esp any host <<WANIP>>
 permit tcp any host <<WANIP>> eq 22
 permit icmp any host <<WANIP>>
!
ip access-list extended outboundfilter
 permit ip any 192.168.0.0 0.0.255.255 reflect reflectacl
 permit ip any 172.20.0.0 0.0.0.255 reflect reflectacl
 deny   udp 192.168.XXX.0 0.0.0.255 any
 permit ip any any reflect reflectacl
!
! VPN settings (IKEv1 phase 1; hash defaults to SHA-1, group 2 is 1024-bit DH and
! should be raised to group 14 if the peer supports it)
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxxx address xxxx.xxx.xxx.226
crypto isakmp keepalive 30
!
! Phase 2
crypto ipsec transform-set SET esp-aes esp-sha-hmac
!
crypto map B2B 10 ipsec-isakmp
 description b2b-fw-ushou-1
 set peer xxx.xxx.xxx.xxx
 set security-association lifetime seconds 86400
 set transform-set SET
 match address 102
!
! Interface configuration
interface FastEthernet0/0
 description wan_primary
 ip access-group inboundfilter in
 ip access-group outboundfilter out
 ! added: not in the posted excerpt, but required for the 'ip nat inside source' statement below to take effect
 ip nat outside
 crypto map B2B
!
interface FastEthernet0/1
 ip nat inside
!
! NAT: translate everything permitted by ACL 150 (i.e. non-VPN traffic) to the WAN address
route-map nonat permit 10
 match ip address 150
!
ip nat inside source route-map nonat interface FastEthernet0/0 overload

The Cisco 1841 router should use the AAA authentication method for SSH. But the router cannot ping the remote LAN over the VPN. The router cannot reach the RADIUS server. Does anybody have an idea how to solve this issue?

Best Regards

Markus Thun
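Added example (not part of the original post, not the poster's configuration): router-originated traffic such as RADIUS requests and a plain "ping" is sourced from the egress interface, i.e. the WAN address, which access-list 102 above does not cover, so it leaves in clear text and is NATed instead of being sent through the tunnel. The fragment below pins the RADIUS source address to the inside interface so that the traffic matches ACL 102 (and is exempted from NAT by ACL 150), and adds a local fallback so SSH is not lost when the tunnel is down. It assumes FastEthernet0/1 holds an address in 192.168.192.0/24 and uses 172.20.0.10 as a placeholder RADIUS server and RADIUS-GRP / SSH-AUTH as placeholder names; none of these appear in the post.

```cisco
! Added example, assumptions: Fa0/1 is in 192.168.192.0/24,
! RADIUS server 172.20.0.10 (placeholder), list names are placeholders.
aaa new-model
! Keep console access on the local database so the console is not
! locked out while the tunnel or the RADIUS server is unreachable.
aaa authentication login default local
!
radius-server host 172.20.0.10 auth-port 1812 acct-port 1813 key xxxxxxxx
aaa group server radius RADIUS-GRP
 server 172.20.0.10 auth-port 1812 acct-port 1813
!
! RADIUS first, local admin account as fallback if no server answers.
aaa authentication login SSH-AUTH group RADIUS-GRP local
aaa authorization exec SSH-AUTH group RADIUS-GRP local
!
! The decisive line: source RADIUS packets from the inside interface so
! they match crypto ACL 102 and are denied by ACL 150 (no translation).
ip radius source-interface FastEthernet0/1
!
line vty 0 4
 login authentication SSH-AUTH
 authorization exec SSH-AUTH
 transport input ssh
!
! Verification from the router CLI (placeholder host 172.20.0.10):
!   ping 172.20.0.10 source FastEthernet0/1
!   show crypto isakmp sa
!   show crypto ipsec sa
!   test aaa group RADIUS-GRP testuser testpass new-code
```

The same sourcing rule applies to any other router-originated service that must cross the tunnel (for example "ip tacacs source-interface", "logging source-interface" or "ntp source"): a plain "ping" without the "source" keyword still uses the WAN address and will not match the crypto ACL, so a failed unsourced ping does not by itself mean the tunnel is broken.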
