cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
390
Views
0
Helpful
2
Replies
Highlighted
Beginner

Cisco Router Site 2 Site Tunnel

I have 2 Cisco routers , 1841 and 2811 ,

I need to setup site to site VPN , but i dont now some how it just does not seems to be working ,

Find attached the Configuration along with the

      

<----- 172.31.1.0/24----- DG:172.31.1.1>Cisco 2811<Dialer1 -----//Internet//----------Dialer1>Cisco1841---< DG:10.236.5.254-------------- 10.236.5.0/24--->

Find attached command executed on each router in the below order

1) show ver

2) Show run

3) show logging

4) show crypto ipsec sa

5) show crypto isakmp sa

Debugging enabled on routers are

1)Debug Crypto Isakmp

2) Debug Crypto Ipsec.

Kindly help as this issue has made me almost crazy,

Regards

Hasan Reza .

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Nat exempt on 1841 looks incorrect.

ip nat inside source list nat interface Dialer1 overload

ip access-list extended nat

deny   ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255

deny   ip 10.236.5.0 0.0.0.255 172.30.1.0 0.0.0.255 <--- should be deny ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255

permit ip 10.236.5.0 0.0.0.255 any ip access-list extended nat

Regards

View solution in original post

2 REPLIES 2
Highlighted
Beginner

Nat exempt on 1841 looks incorrect.

ip nat inside source list nat interface Dialer1 overload

ip access-list extended nat

deny   ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255

deny   ip 10.236.5.0 0.0.0.255 172.30.1.0 0.0.0.255 <--- should be deny ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255

permit ip 10.236.5.0 0.0.0.255 any ip access-list extended nat

Regards

View solution in original post

Highlighted

Thanks Xie Yao ,

Appreciate your help ,

I have a small question , what if i want to port forwarding for one site of tunnel to a server connected by vpn tunnel.