Hi All,
I'm not Cisco trained nor have I ever worked with Cisco; I'm a complete newbie when it comes to Cisco platforms. We are an IT Support MSP and we've recently taken on a customer who has an office abroad using a Cisco 881 device with a DrayTek router in the UK. Site-to-site connectivity is required. I've looked around and watched some YouTube videos on how to set up the VPN and believe I have this in place using the below config on the Cisco:
! Phase 1 (IKEv1) policy and pre-shared key for the peer
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key ******** address *******
!
! Phase 2 transform set
crypto ipsec transform-set sha3des esp-3des esp-sha-hmac
!
! Crypto map: peer, transforms, PFS, and the ACL that selects interesting traffic
crypto map VPN 1 ipsec-isakmp
 set peer **********
 set transform-set sha3des
 set pfs group2
 match address UK
!
! WAN interface, NAT outside, crypto map applied here
interface FastEthernet4
 ip address <WAN IP> <WAN SUBNET>
 ip access-group netbios in
 ip access-group netbios out
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
 crypto map VPN
!
! LAN interface, NAT inside
interface Vlan1
 ip address <WAN IP 2> <WAN SUBNET> secondary
 ip address <LAN IP> 255.255.255.0
 ip access-group netbios in
 ip access-group netbios out
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 no ip route-cache cef
 no ip route-cache
!
! Crypto ACL referenced by the crypto map (both directions listed)
ip access-list extended UK
 permit ip <LOCAL LAN> 0.0.0.255 <REMOTE LAN> 0.0.0.255
 permit ip <REMOTE LAN> 0.0.0.255 <LOCAL LAN> 0.0.0.255
The VPN shows as up and active, but there is no traffic flow between the two and I have no idea why...
Crypto session current status
Interface: FastEthernet4
Session status: UP-ACTIVE
Peer: <REMOTE WAN> port 500
  IKEv1 SA: local <LOCAL WAN>/500 remote <REMOTE WAN>/500 Active
  IPSEC FLOW: permit ip <REMOTE LAN>/255.255.255.0 <LOCAL LAN>/255.255.255.0
        Active SAs: 0, origin: crypto map
  IPSEC FLOW: permit ip <LOCAL LAN>/255.255.255.0 <REMOTE LAN>/255.255.255.0
        Active SAs: 2, origin: crypto map
So it all looks fine; however, if I try to ping the remote site's router over the remote LAN IP I get the following:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to <REMOTE IP>, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
I also cannot ping from the remote site into the Cisco LAN.
I believe this is down to the Cisco end; the DrayTek is a basic router and no routing can be configured on it. It does it automatically. So the VPN is up, but no traffic flows...
Please can someone point me in the right direction?
Thank You
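An added example (not from the poster or from Cisco) that parses the crypto ACL and the `show crypto session` output above and reports what they actually prove: whether phase 2 is up for the local-to-remote flow, which flows have no SAs, and whether the crypto ACL carries mirrored entries. The sample input is constructed from the post with its placeholders replaced by RFC 5737 documentation addresses.

```python
import re
# Constructed sample input: the post's output with its placeholders replaced by
# RFC 5737 addresses (local LAN 192.0.2.0/24, remote LAN 198.51.100.0/24).
CRYPTO_ACL = """\
ip access-list extended UK
 permit ip 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255
 permit ip 198.51.100.0 0.0.0.255 192.0.2.0 0.0.0.255
"""
CRYPTO_SESSION = """\
Peer: 203.0.113.2 port 500
  IPSEC FLOW: permit ip 198.51.100.0/255.255.255.0 192.0.2.0/255.255.255.0
        Active SAs: 0, origin: crypto map
  IPSEC FLOW: permit ip 192.0.2.0/255.255.255.0 198.51.100.0/255.255.255.0
        Active SAs: 2, origin: crypto map
"""
ACE_RE = re.compile(r"^\s*permit ip (\S+) (\S+) (\S+) (\S+)\s*$")
FLOW_RE = re.compile(r"IPSEC FLOW: permit ip (\S+)/\S+ (\S+)/\S+")
SAS_RE = re.compile(r"Active SAs: (\d+)")

def parse_crypto_acl(text):
    """(src, src_wildcard, dst, dst_wildcard) for each permit ACE in the ACL."""
    return [m.groups() for m in map(ACE_RE.match, text.splitlines()) if m]

def mirror_aces(aces):
    """ACEs whose exact reverse is also present. A crypto ACL should list only
    local->remote; IOS derives the inbound match itself from that entry."""
    present = set(aces)
    return [a for a in aces if (a[2], a[3], a[0], a[1]) in present]

def parse_flows(text):
    """Pair each 'IPSEC FLOW' line of show crypto session with its SA count."""
    flows, cur = [], None
    for line in text.splitlines():
        if m := FLOW_RE.search(line):
            cur = {"src": m.group(1), "dst": m.group(2), "active_sas": 0}
            flows.append(cur)
        elif (m := SAS_RE.search(line)) and cur is not None:
            cur["active_sas"] = int(m.group(1))
    return flows

def diagnose(acl_text, session_text, local_lan):
    """Summarise what the outputs prove: phase 2 state of the local->remote
    flow, flows with no SAs, and how many mirror pairs the crypto ACL carries."""
    flows = parse_flows(session_text)
    return {
        "phase2_up": any(f["src"] == local_lan and f["active_sas"] > 0 for f in flows),
        "idle_flows": [(f["src"], f["dst"]) for f in flows if f["active_sas"] == 0],
        "mirror_pairs": len(mirror_aces(parse_crypto_acl(acl_text))) // 2,
    }
```

With phase 2 up on the outbound flow, IPsec negotiation itself is working, so the next question is whether LAN packets reach the crypto map at all: the encaps/decaps counters in `show crypto ipsec sa` separate packets that were never encrypted (for example, translated by NAT before the crypto map or dropped by the interface access-group) from packets that were encrypted but never answered.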