I've been trying to set up a site-to-site VPN between two routers and it looks like the tunnel is active, but I can't seem to ping from one site to the other. I will admit that I inherited the router configuration at one site (R1) and don't completely understand all of the security settings. I have attached the sanitized configuration from both routers (R1 and R2).
I'm trying to ping from a device at 10.129.53.199 connected to R1 to a device at 192.168.42.3 connected to R2 (and vice versa) with no success.
Any insight would be appreciated.
The first thing I noticed is that you don't have a default route on either router. So, try and configure the below:
ip route 0.0.0.0 0.0.0.0 Port-channel1.103
ip route 0.0.0.0 0.0.0.0 FastEthernet4
To be honest, the addressing looks odd, as you are NATting to private addresses. Either way, assuming that is OK, I think you are missing access list 102 (the access list matched in the crypto map) on R1. So on R1, configure:
access-list 102 permit ip 10.129.53.0 0.0.0.255 192.168.42.0 0.0.0.255
That said, you also have 10.129.52.0/24 on R1; does that need to be reachable as well?
I swapped our real public external IP addresses with those private IP addresses for anonymity.
I've added the access list and there has been no change.
I'm really only setting up communication with the 1 VLAN on R1.
I had to wait until the end of the day so as not to interrupt users at the R1 site, but removing the zone-based security from the port channels had no effect on the ability to ping between sites.
I really do appreciate your help thus far.
Can you ping between the public WAN IP addresses?
Do you have a route to 192.168.42.0 0.0.0.255 on R1 and a route to 10.129.53.0 0.0.0.255 on R2? The routes should be pointed out the WAN interface.
It is not clear to me whether the problem has to do with getting the VPN tunnel working or has to do with controlling traffic going through the tunnel. Can you post the output of show crypto ipsec sa (preferably from both routers)? This will help point us in the right direction.
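
How the requested show crypto ipsec sa output separates a tunnel problem from a traffic-selection problem, as an added example that is not part of the thread: the Python below compares the proxy identities and encaps/decaps counters from both routers. The two excerpts are constructed in the layout of IOS output with invented counter values, and parse_sa and diagnose are hypothetical helper names.

```python
import re

# Constructed excerpts in the layout of IOS "show crypto ipsec sa" output;
# the counter values are invented for illustration, not taken from the thread.
R1_SA = """\
   local  ident (addr/mask/prot/port): (10.129.53.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.42.0/255.255.255.0/0/0)
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 14, #pkts decrypt: 14, #pkts verify: 14
"""
R2_SA = """\
   local  ident (addr/mask/prot/port): (192.168.42.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.129.53.0/255.255.255.0/0/0)
    #pkts encaps: 14, #pkts encrypt: 14, #pkts digest: 14
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

IDENT = re.compile(r"(local|remote)\s+ident.*?\((\d+\.\d+\.\d+\.\d+)/(\d+\.\d+\.\d+\.\d+)/")
COUNTER = re.compile(r"#pkts (encaps|decaps): (\d+)")

def parse_sa(text):
    """Return proxy identities and encaps/decaps counters from one SA block."""
    sa = {"encaps": 0, "decaps": 0}
    for line in text.splitlines():
        m = IDENT.search(line)
        if m:
            sa[m.group(1)] = (m.group(2), m.group(3))
        for name, value in COUNTER.findall(line):
            sa[name] = int(value)
    return sa

def diagnose(a, b):
    """Classify the failure from both routers' views of the same tunnel."""
    if a.get("local") != b.get("remote") or a.get("remote") != b.get("local"):
        return "proxy identities are not mirrored: compare the crypto ACLs"
    for name, near, far in (("first", a, b), ("second", b, a)):
        if near["encaps"] == 0 and near["decaps"] > 0:
            return f"{name} router receives but never encrypts: check its routing, NAT exemption and crypto ACL"
        if near["encaps"] > 0 and far["decaps"] == 0:
            return f"{name} router encrypts but the peer never decrypts: ESP is lost or filtered in transit"
    if a["encaps"] == 0 and b["encaps"] == 0:
        return "no traffic enters the tunnel from either side"
    return "both directions carry traffic: look at hosts or inside-interface policy"

if __name__ == "__main__":
    print(diagnose(parse_sa(R1_SA), parse_sa(R2_SA)))
```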