Solved: Vpn connection to lan no answer cisco 1100 series - Page 5

unidadso · ‎08-06-2019

Hi good day

I want to ask you a favor if you can help me regarding the vpn connection when I ping the gateway 181.53.244.1 I have connection but between the lan there is no connection that I can be doing wrong my router is a cisco 1100 series thanks for your help

!

license accept end user agreement
license boot suite FoundationSuiteK9
license boot level appxk9
license boot level securityk9
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key c4l1wer address 181.53.244.1
!
!
crypto ipsec transform-set TS-VPN esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map CMAP 10 ipsec-isakmp
set peer 181.53.244.1
set transform-set TS-VPN
match address VPN
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description WAN
ip address 181.143.239.70 255.255.255.248
ip nat outside
negotiation auto
crypto map CMAP
!
interface GigabitEthernet0/0/1
description LAN 13
ip address 192.168.13.1 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Vlan1
no ip address
!
ip nat inside source list 13 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
no ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 181.143.239.66
!
!
ip access-list extended VPN
permit ip 192.168.13.0 0.0.0.255 192.168.5.0 0.0.0.255
ip access-list extended vpn
!
access-list 13 permit 192.168.13.0 0.0.0.255

unidadso · ‎08-15-2019

the changes highlight them in red and attach the images


ah hash algorithm is disabled in the firmware disable block wan request if we do it we can ping the 105 now the rgv042g has the vpn connection to the isr 1100 but there is a problem the isr is not communicated to the cisco rgv042g to lan 192.168.5.1 but if we do it from the rgv042g to the isr 1100 if you call 192.168.13.1 I could not solve that detail

attached image
make it clear that I have also tried to completely disable the firmware of the cisco rv042g assuming that the isr 1100 could access the rgv042g but it doesn't communicate

crypto isakmp policy 10
encr des
hash md5
authentication pre-share
group 2
crypto isakmp key Usocali1 address 181.52.244.105

crypto ipsec security-association lifetime seconds 86400

crypto ipsec transform-set TS-VPN esp-des esp-md5-hmac
mode tunnel

crypto map CMAP 10 ipsec-isakmp
set peer 181.52.244.105

set security-association lifetime seconds 86400
set transform-set TS-VPN
set pfs group2
match address VPN

interface GigabitEthernet0/0/0
description WAN
ip address 181.143.239.68 255.255.255.248
ip nat outside
negotiation auto
crypto map CMAP
!
interface GigabitEthernet0/0/1
description LAN-10
ip address 192.168.13.1 255.255.255.0
ip nat inside
negotiation auto

ip nat inside source list 113 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
no ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 181.143.239.65
!
!
ip access-list extended VPN
permit ip 192.168.13.0 0.0.0.255 192.168.5.0 0.0.0.255
!
access-list 113 deny ip 192.168.13.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 113 permit ip 192.168.13.0 0.0.0.255 any

Router#ping 181.52.244.105
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 181.52.244.105, timeout is 2 seconds:
!!!!!
Success rate is 0 percent (5/5)

ping 181.52.244.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 181.52.244.1, timeout is 2 seconds:
!!!!!
Success rate is 0 percent (5/5)

ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

unidadso · ‎08-20-2019

thank you very much to
Richard Burts, Georg Pauwen for his patience and experience with all the contributions that made these connections possible
I want to add that for the last operation for the isr, the transverse nat of the cisco rgv042g had to be activated once activated as a suggestion the ping confirmation of the isr 1100 will not reach the rgv042g only from the equipment that is configured with static ip
thank you

Georg Pauwen · ‎08-20-2019

Hello,

NAT Traversal...very good to know for people who have that same problem in the future. Thanks for sharing the info !

unidadso · ‎08-20-2019

again thanks to you the truth if the configuration of this device was disproportionate

unidadso · ‎08-12-2019

annex connection by ip was also made by rank without successful connection in the same way I show connection between 2 cisco rgv0242g with successful connection to vpn