cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
624
Views
0
Helpful
2
Replies

Cisco Router Site 2 Site Tunnel

hasanreza
Level 1
Level 1

I have 2 Cisco routers , 1841 and 2811 ,

I need to setup site to site VPN , but i dont now some how it just does not seems to be working ,

Find attached the Configuration along with the

      

<----- 172.31.1.0/24----- DG:172.31.1.1>Cisco 2811<Dialer1 -----//Internet//----------Dialer1>Cisco1841---< DG:10.236.5.254-------------- 10.236.5.0/24--->

Find attached command executed on each router in the below order

1) show ver

2) Show run

3) show logging

4) show crypto ipsec sa

5) show crypto isakmp sa

Debugging enabled on routers are

1)Debug Crypto Isakmp

2) Debug Crypto Ipsec.

Kindly help as this issue has made me almost crazy,

Regards

Hasan Reza .

1 Accepted Solution

Accepted Solutions

XIE YAO
Level 1
Level 1

Nat exempt on 1841 looks incorrect.

ip nat inside source list nat interface Dialer1 overload

ip access-list extended nat

deny   ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255

deny   ip 10.236.5.0 0.0.0.255 172.30.1.0 0.0.0.255 <--- should be deny ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255

permit ip 10.236.5.0 0.0.0.255 any ip access-list extended nat

Regards

View solution in original post

2 Replies 2

XIE YAO
Level 1
Level 1

Nat exempt on 1841 looks incorrect.

ip nat inside source list nat interface Dialer1 overload

ip access-list extended nat

deny   ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255

deny   ip 10.236.5.0 0.0.0.255 172.30.1.0 0.0.0.255 <--- should be deny ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255

permit ip 10.236.5.0 0.0.0.255 any ip access-list extended nat

Regards

Thanks Xie Yao ,

Appreciate your help ,

I have a small question , what if i want to port forwarding for one site of tunnel to a server connected by vpn tunnel.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: