cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
739
Views
5
Helpful
2
Replies

CISCO VPN site to site

I have a problem to connect VPN modem/router CISCO 887 9 VA-WE-K to  CISCO WRV210. My internal networks work well, as ADSL connections.

I can create a VPN connection between two routers as I see on the  WRV210 the state of the tunnel is connected. (No error message in the  log). However, they do not communicate. When I try to ping the router  887 to the other internal network does not work, and vice versa.

Here is my configuration CISCO 887:

Building configuration...

Current configuration : 2989 bytes
!
! Last configuration change at 15:08:03 UTC Sun Nov 18 2012
! NVRAM config last updated at 00:04:33 UTC Sun Nov 18 2012
! NVRAM config last updated at 00:04:33 UTC Sun Nov 18 2012
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LEHAVRE
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 XXXXXXXX
enable password 7 XXXXXXXX
!
no aaa new-model
crypto pki token default removal timeout 0
!
!
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 192.168.1.103
!
ip dhcp pool DHCP_LEHAVRE
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.103
 dns-server 192.168.10.103
 domain-name lehavre.local
!
!
ip domain name lehavre.local
no ipv6 cef
!
!
license udi pid C887VA-W-E-K9 sn FCZ1644C0U0
!
!
username LeHavre privilege 15 secret 4 XXXXXXXX
!
!
!
!
controller VDSL 0
!
ip ssh version 2
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key XXXXXXXX address 82.101.5.XXX
!
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 82.101.5.XXX
 set transform-set TS
 match address VPN-TRAFFIC
!
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 crypto map CMAP
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface Ethernet0
 no ip address
 shutdown
 no fair-queue
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
 shutdown
!
interface FastEthernet2
 no ip address
 shutdown
!
interface FastEthernet3
 no ip address
 shutdown
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 no ip address
!
interface wlan-ap0
 description Embedded Service module interface to manage the embedded AP
 no ip address
 shutdown
!
interface Vlan1
 ip address 192.168.10.103 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1412
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname fti/XXXXXXX
 ppp chap password 7 XXXXXXXX
 ppp ipcp dns request
 ppp ipcp route default
 crypto map CMAP
!
no ip forward-protocol nd
ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.10.0 0.0.0.255 192.168.101.0 0.0.0.255
!
access-list 1 permit any

dialer-list 1 protocol ip permit

! ! ! ! snmp-server community public RO ! line con 0 password 7 XXXXXXX login line aux 0 line 2 no activation-character no exec transport preferred none transport input all stopbits 1 line vty 0 4 password 7 XXXXXXXXX login local transport input ssh ! scheduler allocate 20000 1000 end

Info :

LEHAVRE#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
92.132.127.XXX   82.101.5.XXX    QM_IDLE           2013 ACTIVE

IPv6 Crypto ISAKMP SA 

A little help will be welcome. Thank you VERY MUCH in advance.

2 Replies 2

Solution :

ip access-list extended PERMIT-NAT
 deny   ip 192.168.10.0 0.0.0.255 192.168.101.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
route-map SDM_RMAP_1 permit 1
 match ip address PERMIT-NAT
!

Great job

Please mark this one as solved, so others could learn from it.

Thanks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: