Hi All
I have configured an IPsec VPN via PAT in Packet Tracer. I am able to ping from R1 to the R3 router IP address and vice versa.
But I am not able to ping from the R1 LAN PC to the R3 LAN PC or vice versa.
My network: Router 1 ---- Router 2 ---- Router 3
Below are the configuration details of Router 1
Router1#sh run
Building configuration...
Current configuration : 1327 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
ip dhcp excluded-address 10.1.0.1 10.1.0.20
!
ip dhcp pool network
network 10.1.0.0 255.255.255.0
default-router 10.1.0.1
!
!
!
ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 5
encr 3des
authentication pre-share
group 2
!
crypto isakmp key cisco@123 address 40.165.10.1
!
!
!
crypto ipsec transform-set r1-r3 esp-aes 128 esp-md5-hmac
!
crypto map ipsec-map 10 ipsec-isakmp
set peer 40.165.10.1
set transform-set r1-r3
match address vpn-traffic
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 20.165.10.1 255.255.255.252
ip nat outside
duplex auto
speed auto
crypto map ipsec-map
!
interface FastEthernet0/1
ip address 10.1.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 20.165.10.2
!
ip flow-export version 9
!
!
access-list 1 permit 10.1.0.0 0.0.0.255
ip access-list extended vpn-traffic
permit ip 10.1.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 10.1.0.0 0.0.0.255 any
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Below is my Router 2 configuration
Router2#sh run
Building configuration...
Current configuration : 583 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 20.165.10.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 40.165.10.2 255.255.255.252
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Below is my Router 3 configuration
Router3#sh run
Building configuration...
Current configuration : 1347 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.20
!
ip dhcp pool Router
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
!
ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 5
encr 3des
authentication pre-share
group 2
!
crypto isakmp key cisco@123 address 20.165.10.1
!
!
!
crypto ipsec transform-set r1-r3 esp-aes 128 esp-md5-hmac
!
crypto map ipsec-map 10 ipsec-isakmp
set peer 20.165.10.1
set transform-set r1-r3
match address vpn-traffic
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 40.165.10.1 255.255.255.252
ip nat outside
duplex auto
speed auto
crypto map ipsec-map
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 40.165.10.2
!
ip flow-export version 9
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
ip access-list extended vpn-traffic
permit ip 192.168.1.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Can anyone help me with how to configure an IPsec VPN via PAT?
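
Added example, not part of the original post: in the configurations above, access-list 1 sends all LAN traffic through PAT, and IOS translates inside-to-outside packets before the crypto map is evaluated, so LAN-to-LAN packets leave with the router's outside address as source and no longer match vpn-traffic. One way to exempt the VPN traffic from PAT, assuming a new ACL number 101 (chosen for this example) on both routers:

```cisco
! ----- Router 1 (LAN 10.1.0.0/24, peer LAN 192.168.1.0/24) -----
! Clear active translations first if IOS refuses to remove the
! NAT rule while it is in use:
!   clear ip nat translation *
!
! Remove the PAT rule that translates every LAN packet.
no ip nat inside source list 1 interface FastEthernet0/0 overload
!
! ACL 101 (number is an assumption for this example):
! deny = do not translate, so the packet keeps its 10.1.0.x source
! and still matches the crypto ACL "vpn-traffic".
access-list 101 deny   ip 10.1.0.0 0.0.0.255 192.168.1.0 0.0.0.255
! Everything else from the LAN is still PATed to the outside address.
access-list 101 permit ip 10.1.0.0 0.0.0.255 any
!
ip nat inside source list 101 interface FastEthernet0/0 overload
!
! ----- Router 3 (LAN 192.168.1.0/24, peer LAN 10.1.0.0/24) -----
no ip nat inside source list 1 interface FastEthernet0/0 overload
!
! Mirror image of the Router 1 exemption.
access-list 101 deny   ip 192.168.1.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
ip nat inside source list 101 interface FastEthernet0/0 overload
!
! ----- Checks after pinging from an R1 LAN PC to an R3 LAN PC -----
! No entry should appear for 10.1.0.x -> 192.168.1.x:
!   show ip nat translations
! The encaps/decaps packet counters should increase on both routers:
!   show crypto ipsec sa
```

The deny entry has to come before the permit in ACL 101, because the first matching line decides whether a packet is translated.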