VPN tunnel access-list doesn't work anymore?

jeroen001111
Level 1

Strange things happen... what worked earlier doesn't work anymore.

When I have the VPN tunnel up (192.168.253.24), I can't ping the LAN on the other side (for instance 192.168.1.77).

When I connect to the router using PuTTY, I can ping 192.168.1.77 from the router.

Now I know that when I use tracert 192.168.1.77, the first hop is the public IP address of the other router. So I can assume that my tunnel is working. But all other hops are a request timed out.

My laptop (connected to router A) gets IP 192.168.253.24 from router B as soon as I have the tunnel enabled between router A and B.

 

Config is as follows:

 

crypto isakmp policy 1
encr 3des
authentication pre-share
!
crypto isakmp policy 2
encr aes
authentication pre-share
group 2
crypto isakmp key AAA address 178.85.x.x
!
crypto isakmp client configuration group vpnclient
key AAA
dns 8.8.8.8
domain home.local
pool ipvpnpool
acl 105
!
!
crypto ipsec transform-set MySet esp-3des esp-sha-hmac
mode tunnel
!
!
!
crypto dynamic-map dynmap 10
set transform-set MySet
reverse-route

crypto map MyMap client authentication list userauthen
crypto map MyMap isakmp authorization list groupauthor
crypto map MyMap client configuration address respond
crypto map MyMap 1 ipsec-isakmp
set peer X.X.X.X
set security-association lifetime seconds 86400
set transform-set MySet
match address 101
crypto map MyMap 20 ipsec-isakmp dynamic dynmap

crypto map MyMap
!
ip local pool ipvpnpool 192.168.253.10 192.168.253.30

 

ip nat inside source list 102 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1

!
dialer-list 1 protocol ip permit
no cdp run
!
route-map nonat permit 10
match ip address 103
!

access-list 101 remark Cryptomap-IPSEC-VPN-BM
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.253.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.253.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.50.0 0.0.0.255 any
access-list 102 deny ip 192.168.50.0 0.0.0.255 192.168.253.0 0.0.0.255
access-list 102 permit ip 192.168.51.0 0.0.0.255 any
access-list 103 remark nat rules
access-list 103 deny ip 192.168.1.0 0.0.0.255 192.168.253.0 0.0.0.255
access-list 103 permit ip 192.168.1.0 0.0.0.255 any
access-list 103 permit ip 192.168.50.0 0.0.0.255 any
access-list 103 permit ip 192.168.51.0 0.0.0.255 any
access-list 105 permit ip 192.168.1.0 0.0.0.255 192.168.253.0 0.0.0.255

 

Can anyone shed some light on this?

Any help is much appreciated!
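
Added example, not part of the original post: IOS evaluates an extended ACL top-down and stops at the first matching entry, so an entry that is fully covered by an earlier one never takes effect. The Python sketch below runs that check over access-list 102 as posted; the function names are illustrative, and it assumes `ip`-protocol entries with contiguous wildcard masks and no port qualifiers.

```python
import ipaddress

# ACL 102 exactly as posted; it is the list used by
# "ip nat inside source list 102 interface Dialer1 overload".
ACL_102 = """\
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.253.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.50.0 0.0.0.255 any
access-list 102 deny ip 192.168.50.0 0.0.0.255 192.168.253.0 0.0.0.255
access-list 102 permit ip 192.168.51.0 0.0.0.255 any
"""

def take_net(tokens):
    """Consume one address spec: 'any', 'host A' or 'A wildcard'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # Invert the Cisco wildcard into a netmask (assumes a contiguous mask;
    # a non-contiguous wildcard raises ValueError here).
    wild = int(ipaddress.ip_address(tokens.pop(0)))
    mask = ipaddress.ip_address(wild ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{mask}", strict=False)

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines; skip remarks."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[2] not in ("permit", "deny") or tok[3] != "ip":
            continue
        rest = tok[4:]
        src, dst = take_net(rest), take_net(rest)
        entries.append((line.strip(), tok[2], src, dst))
    return entries

def shadowed(entries):
    """Return (unreachable_line, covering_line, actions_differ) tuples."""
    hits = []
    for i, (line, action, src, dst) in enumerate(entries):
        for e_line, e_action, e_src, e_dst in entries[:i]:
            if src.subnet_of(e_src) and dst.subnet_of(e_dst):
                hits.append((line, e_line, action != e_action))
                break
    return hits

for dead, cover, differs in shadowed(parse_acl(ACL_102)):
    print(f"never matched: {dead}\n  covered by:  {cover}  (conflict={differs})")
```

In a NAT access list a `deny` exempts traffic from translation, so the flagged entry means 192.168.50.0/24 traffic to the VPN pool is still caught by the earlier `permit` and translated; the 192.168.1.0/24 pair is ordered deny-first and is not flagged.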
