08-06-2019 06:57 AM
Hi, good day.
I want to ask a favor: can you help me with a VPN connection? When I ping the gateway 181.53.244.1 I have connection, but between the LANs there is no connection. What could I be doing wrong? My router is a Cisco 1100 series. Thanks for your help.
!
license accept end user agreement
license boot suite FoundationSuiteK9
license boot level appxk9
license boot level securityk9
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key c4l1wer address 181.53.244.1
!
!
crypto ipsec transform-set TS-VPN esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map CMAP 10 ipsec-isakmp
set peer 181.53.244.1
set transform-set TS-VPN
match address VPN
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description WAN
ip address 181.143.239.70 255.255.255.248
ip nat outside
negotiation auto
crypto map CMAP
!
interface GigabitEthernet0/0/1
description LAN 13
ip address 192.168.13.1 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Vlan1
no ip address
!
ip nat inside source list 13 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
no ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 181.143.239.66
!
!
ip access-list extended VPN
permit ip 192.168.13.0 0.0.0.255 192.168.5.0 0.0.0.255
ip access-list extended vpn
!
access-list 13 permit 192.168.13.0 0.0.0.255
08-15-2019 07:01 PM - edited 08-15-2019 07:04 PM
The changes are highlighted in red, and the images are attached.
The AH hash algorithm is disabled; in the firmware, disable Block WAN Request. If we do it, we can ping the 105. Now the RV042G has the VPN connection to the ISR 1100, but there is a problem: the ISR does not communicate with the Cisco RV042G at LAN 192.168.5.1, although it works from the RV042G to the ISR 1100 if you call 192.168.13.1. I could not solve that detail.
attached image
To make it clear, I have also tried to completely disable the firmware of the Cisco RV042G, assuming that the ISR 1100 could then access the RV042G, but it doesn't communicate.
crypto isakmp policy 10
encr des
hash md5
authentication pre-share
group 2
crypto isakmp key Usocali1 address 181.52.244.105
crypto ipsec security-association lifetime seconds 86400
crypto ipsec transform-set TS-VPN esp-des esp-md5-hmac
mode tunnel
crypto map CMAP 10 ipsec-isakmp
set peer 181.52.244.105
set security-association lifetime seconds 86400
set transform-set TS-VPN
set pfs group2
match address VPN
interface GigabitEthernet0/0/0
description WAN
ip address 181.143.239.68 255.255.255.248
ip nat outside
negotiation auto
crypto map CMAP
!
interface GigabitEthernet0/0/1
description LAN-10
ip address 192.168.13.1 255.255.255.0
ip nat inside
negotiation auto
ip nat inside source list 113 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
no ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 181.143.239.65
!
!
ip access-list extended VPN
permit ip 192.168.13.0 0.0.0.255 192.168.5.0 0.0.0.255
!
access-list 113 deny ip 192.168.13.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 113 permit ip 192.168.13.0 0.0.0.255 any
Router#ping 181.52.244.105
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 181.52.244.105, timeout is 2 seconds:
!!!!!
Success rate is 0 percent (5/5)
ping 181.52.244.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 181.52.244.1, timeout is 2 seconds:
!!!!!
Success rate is 0 percent (5/5)
ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
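The two configurations in this thread differ in the NAT overload ACL: the first uses `access-list 13`, which permits all of 192.168.13.0/24, while the second uses ACL 113, which denies the 192.168.13.0/24 to 192.168.5.0/24 flow before permitting the rest. On IOS, inside-to-outside NAT is applied before the crypto map ACL is checked, so a flow that the NAT ACL permits is translated and no longer matches `VPN`. The Python check below is an added example, not part of any post in the thread; its function names are hypothetical, and it assumes `ip` ACL entries with contiguous wildcard masks.

```python
import ipaddress
import re

def entry(tok):
    """['deny','ip',src,wc,dst,wc] or standard ['permit',src,wc] -> (action, src, dst)."""
    rest = [t for t in tok[1:] if t != "ip"]
    def take():
        if not rest or rest[0] == "any":
            del rest[:1]
            return ipaddress.ip_network("0.0.0.0/0")
        addr, wildcard = rest.pop(0), int(ipaddress.IPv4Address(rest.pop(0)))
        # Contiguous wildcard masks only (assumption): 0.0.0.255 -> /24
        return ipaddress.ip_network(f"{addr}/{32 - wildcard.bit_length()}", strict=False)
    return tok[0], take(), take()

def parse_acls(config):
    """Return {acl_name: [(action, src, dst), ...]} in configured order."""
    acls, current = {}, None
    for tok in map(str.split, config.splitlines()):
        if tok[:3] == ["ip", "access-list", "extended"]:
            current = tok[3]
        elif tok[:1] == ["access-list"]:
            current, tok = tok[1], tok[2:]
        if current and tok[:1] in (["permit"], ["deny"]):
            acls.setdefault(current, []).append(entry(tok))
    return acls

def nat_exemption_gaps(config):
    """Crypto-ACL flows that the NAT overload ACL permits, so they are translated first."""
    acls = parse_acls(config)
    m = re.search(r"ip nat inside source list (\S+) interface", config)
    nat = acls.get(m.group(1), []) if m else []
    gaps = []
    for name in re.findall(r"^\s*match address (\S+)", config, re.M):
        for action, src, dst in acls.get(name, []):
            # First NAT ACL entry covering the flow decides; no match is an implicit deny.
            verdict = next((a for a, s, d in nat
                            if src.subnet_of(s) and dst.subnet_of(d)), "deny")
            if action == "permit" and verdict == "permit":
                gaps.append((str(src), str(dst)))
    return gaps

# Relevant lines from the first and second configurations posted in the thread.
COMMON = ("crypto map CMAP 10 ipsec-isakmp\n match address VPN\n"
          "ip access-list extended VPN\n permit ip 192.168.13.0 0.0.0.255 192.168.5.0 0.0.0.255\n")
FIRST = COMMON + ("ip nat inside source list 13 interface GigabitEthernet0/0/0 overload\n"
                  "access-list 13 permit 192.168.13.0 0.0.0.255\n")
SECOND = COMMON + ("ip nat inside source list 113 interface GigabitEthernet0/0/0 overload\n"
                   "access-list 113 deny ip 192.168.13.0 0.0.0.255 192.168.5.0 0.0.0.255\n"
                   "access-list 113 permit ip 192.168.13.0 0.0.0.255 any\n")
```

`nat_exemption_gaps(FIRST)` reports the LAN-to-LAN flow as translated before encryption, while `nat_exemption_gaps(SECOND)` reports no gaps.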
08-20-2019 06:05 AM
Thank you very much to Richard Burts and Georg Pauwen for their patience and experience, and for all the contributions that made these connections possible.
I want to add that for the last operation for the ISR, the NAT traversal of the Cisco RV042G had to be activated. Once activated, as a suggestion: the ping confirmation of the ISR 1100 will not reach the RV042G, only from the equipment that is configured with a static IP.
Thank you.
08-20-2019 07:01 AM
Hello,
NAT Traversal... very good to know for people who have that same problem in the future. Thanks for sharing the info!