04-27-2013 06:37 AM
I have 2 Cisco routers , 1841 and 2811 ,
I need to setup site to site VPN , but i dont now some how it just does not seems to be working ,
Find attached the Configuration along with the
<----- 172.31.1.0/24----- DG:172.31.1.1>Cisco 2811<Dialer1 -----//Internet//----------Dialer1>Cisco1841---< DG:10.236.5.254-------------- 10.236.5.0/24--->
Find attached command executed on each router in the below order
1) show ver
2) Show run
3) show logging
4) show crypto ipsec sa
5) show crypto isakmp sa
Debugging enabled on routers are
1)Debug Crypto Isakmp
2) Debug Crypto Ipsec.
Kindly help as this issue has made me almost crazy,
Regards
Hasan Reza .
Solved! Go to Solution.
04-27-2013 07:07 PM
Nat exempt on 1841 looks incorrect.
ip nat inside source list nat interface Dialer1 overload
ip access-list extended nat
deny ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
deny ip 10.236.5.0 0.0.0.255 172.30.1.0 0.0.0.255 <--- should be deny ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
permit ip 10.236.5.0 0.0.0.255 any ip access-list extended nat
Regards
04-27-2013 07:07 PM
Nat exempt on 1841 looks incorrect.
ip nat inside source list nat interface Dialer1 overload
ip access-list extended nat
deny ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
deny ip 10.236.5.0 0.0.0.255 172.30.1.0 0.0.0.255 <--- should be deny ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
permit ip 10.236.5.0 0.0.0.255 any ip access-list extended nat
Regards
04-27-2013 10:24 PM
Thanks Xie Yao ,
Appreciate your help ,
I have a small question , what if i want to port forwarding for one site of tunnel to a server connected by vpn tunnel.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide