03-30-2023 06:21 AM
Please, I need help to rectify my IPsec VPN. Thanks in anticipation.
03-30-2023 06:22 AM
The #show crypto isakmp policy is not showing any result. Also the WAN interface is a loopback interface.
03-30-2023 06:32 AM
Share the config.
03-30-2023 06:56 AM - edited 03-30-2023 06:57 AM
!--- These are the Internet Key Exchange (IKE) parameters.
crypto isakmp policy 10
encr aes-256
hash sha-256
group 14
lifetime 28800
authentication pre-share
crypto isakmp key @S8ftW0rKs_WemS! address 195.43.215.1
!
!
!--- These are the IPSec parameters.
access-list 105 permit ip 204.242.130.30 0.0.0.0 172.27.5.41 0.0.0.0
!
crypto map wema_map 10 ipsec-isakmp
set peer 195.43.215.1
set transform-set wema_set
match address 105
crypto ipsec transform-set wema_set esp-aes-256 esp-sha-hmac
!
!--- Encrypt traffic to the other side.
!
interface l0
ip nat outside
crypto map wema_map
!
interface g0/1
ip nat inside
!
!
ip route 172.27.5.40 255.255.255.255 65.173.38.26
03-30-2023 06:58 AM
This is not the complete config.
There is NAT, so I think the issue is there.
You must deny traffic from ip 204.242.130.30 0.0.0.0 172.27.5.41 0.0.0.0 in the ACL or NAT,
otherwise the traffic is NATed and not encrypted.
03-30-2023 07:06 AM
Thanks for your response.
This is a single IP permitted to talk to a single node at the remote end.
03-30-2023 07:10 AM
access-list 105 permit ip host 204.242.130.30 0.host172.27.5.41 <<- the wildcard must be 255.255.255.255 if it is a host
Even so, you need to exclude this traffic from NATing.
03-30-2023 07:45 AM
Oh well, I thought the wildcard for a single node should be 0.0.0.0.
Please assist with the NATing config to apply. Thanks
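The NAT-exemption check discussed in this thread, as an added example that is not part of any post: a small Python checker that applies IOS first-match ACL semantics to confirm that the flow selected by crypto ACL 105 hits a deny entry in the NAT ACL. ACL number 110 and both NAT ACL variants are constructed for illustration, since the thread does not show the actual NAT configuration.

```python
import ipaddress

# Crypto ACL as posted in the thread.
CRYPTO_ACL = "access-list 105 permit ip 204.242.130.30 0.0.0.0 172.27.5.41 0.0.0.0"
# Constructed NAT ACLs (number 110 is an assumption, not from the thread).
NAT_BEFORE = "access-list 110 permit ip any any"
NAT_AFTER = """\
access-list 110 deny ip host 204.242.130.30 host 172.27.5.41
access-list 110 permit ip any any"""

def _spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text, number):
    """Return [(action, src_spec, dst_spec)] for 'access-list N permit|deny ip' lines."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:2] != ["access-list", str(number)] or len(tokens) < 5 or tokens[3] != "ip":
            continue
        rest = tokens[4:]
        src = _spec(rest)
        dst = _spec(rest)
        rules.append((tokens[2], src, dst))
    return rules

def _hit(ip, spec):
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bit 0 = must match, bit 1 = ignore
    return int(ipaddress.IPv4Address(ip)) & care == addr & care

def acl_action(rules, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, s, d in rules:
        if _hit(src, s) and _hit(dst, d):
            return action
    return "deny"

def nat_exempt(config, nat_acl, src, dst):
    """True when the NAT ACL denies the flow, so it is left untranslated."""
    return acl_action(parse_acl(config, nat_acl), src, dst) == "deny"

if __name__ == "__main__":
    for name, cfg in (("before", NAT_BEFORE), ("after", NAT_AFTER)):
        print(name, nat_exempt(cfg, 110, "204.242.130.30", "172.27.5.41"))
```
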