
Cisco 2800 Router w/ VPN connection, but no VPN traffic

cooljoe04
Level 1

I am trying to get a basic understanding of the process of how the router works so that I can try and troubleshoot things myself as I add more configuration to the system. Currently I am at a very basic level of understanding and have gotten internet access through the router and appear to have achieved an active VPN connection between this router and my endpoint, which is a Netgear VPN router, as both diagnostics show that the VPN connection is active, but the traffic counters are at 0. I am not able to get any traffic to talk across the network though and believe it to be as a result of the NAT or lack of an ACL blocking the traffic, but I may be way off. If I can get this working, I would like to dive into adding VLANs to this unit for a couple of different networks and inter-routing them as well, in case that would change anyone's answer to my problem. Any help would be appreciated. I feel like it is something easy that I am overlooking. My config is as follows:

 

Building configuration...

Current configuration : 1765 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname "HOSTNAME HERE"
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
ip name-server "ISP PRIMARY DNS IP"
ip name-server "ISP SECONDARY DNS IP"
!
no ftp-server write-enable
!
!
!
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ABCD123456 address "PEER STATIC IP HERE"
!
crypto ipsec transform-set esp-3des-md5 esp-3des esp-md5-hmac
!
!
crypto map shop 20 ipsec-isakmp
 set peer "PEER STATIC IP HERE"
 set transform-set esp-3des-md5
 match address 100
!
!
!
interface FastEthernet0/0
 description LAN Interface
 ip address 192.168.27.1 255.255.255.0
 ip nat inside
 ip nat enable
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 description WAN Interface
 ip address "WAN IP HERE" 255.255.255.248
 ip nat outside
 ip nat enable
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 crypto map shop
!
ip default-gateway "GATEWAY IP HERE"
ip classless
ip route 0.0.0.0 0.0.0.0 "GATEWAY IP HERE"
!
no ip http server
no ip http secure-server
ip nat pool internet "WAN IP(s) HERE" prefix-length 30
ip nat inside source list 1 pool internet overload
!
ip access-list extended inside
!
access-list 1 permit 192.168.27.0 0.0.0.255
access-list 100 permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255
no cdp run
!
!
control-plane
!
!
line con 0
 password password1
 login
line aux 0
 password password1
 login
line vty 0 4
 password password1
 login
!
end

 

 

 

15 Replies

Hi, remove these two commands from your config:

access-list 1 permit 192.168.27.0 0.0.0.255

ip nat inside source list 1 pool internet overload

Just add a no in front of it:

no access-list 1

no ip nat inside source list 1 pool internet overload

Then test your VPN.
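On IOS, inside-to-outside NAT is applied before the crypto map is evaluated, so a packet that the NAT source list translates no longer matches the crypto ACL (match address 100). The check below is an added example, not code from this thread: it parses the numbered ACLs in a config and reports crypto-map flows that the NAT source list also permits. The sample input is constructed from the posted config, the function names are hypothetical, and only standard entries and extended ip entries written as any or address/wildcard are handled.

```python
import ipaddress
import re

ANY = ipaddress.ip_network("0.0.0.0/0")
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (ip )?(.+)$", re.M)
# Constructed input: the NAT and crypto lines from the config posted above.
POSTED = """\
crypto map shop 20 ipsec-isakmp
 match address 100
ip nat inside source list 1 pool internet overload
access-list 1 permit 192.168.27.0 0.0.0.255
access-list 100 permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255
"""

def take_net(tokens):
    """Pop 'any' or 'ADDR [WILDCARD]' (contiguous wildcards only) as a network."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0) if tokens else "0.0.0.0"))
    mask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)  # wildcard = inverted netmask
    return ipaddress.ip_network(f"{first}/{mask}", strict=False)

def parse_acls(config):
    """Return {acl_id: [(action, src, dst)]} for numbered standard and 'ip' entries."""
    acls = {}
    for acl_id, action, is_ip, rest in ACL_RE.findall(config):
        if not is_ip and int(acl_id) >= 100:
            continue  # extended entries for other protocols are out of scope
        tokens = rest.split()
        src = take_net(tokens)
        dst = take_net(tokens) if is_ip else ANY  # standard ACLs match source only
        acls.setdefault(acl_id, []).append((action, src, dst))
    return acls

def nat_crypto_conflicts(config):
    """Return (crypto_acl, nat_acl, src, dst) for VPN flows the NAT list translates."""
    acls = parse_acls(config)
    nat_ids = re.findall(r"^ip nat inside source list (\d+) ", config, re.M)
    vpn_ids = re.findall(r"^\s*match address (\d+)", config, re.M)
    hits = []
    for vpn_id in vpn_ids:
        for action, src, dst in acls.get(vpn_id, []):
            for nat_id in nat_ids if action == "permit" else []:
                for n_action, n_src, n_dst in acls.get(nat_id, []):
                    if src.subnet_of(n_src) and dst.subnet_of(n_dst):  # first match wins
                        if n_action == "permit":
                            hits.append((vpn_id, nat_id, str(src), str(dst)))
                        break
    return hits
```

Calling nat_crypto_conflicts(POSTED) reports the 192.168.27.0/24 to 192.168.1.0/24 flow as matched by both access-list 100 and access-list 1. A NAT list whose first matching entry denies that flow produces no finding.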
