How to configure all traffic from a remote site over a VPN tunnel to the main office

Nik_Meeus
Level 1

At the moment I have a test setup:

- Main office: Cisco 1841 (LAN 206.182.115.0/24)
- Remote office: Cisco 831 (LAN 192.168.10.0/24)

There is a VPN tunnel between both, but only traffic for the main office (206.182.115.x) is going over the VPN tunnel. How do I configure this so that all traffic from the remote office goes over the VPN tunnel? I've tried to change the ACL but without success.

Config 831:

!This is the running config of the router: 192.168.10.1
!----------------------------------------------------------------------------
!version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SP_BARCA
!
no logging buffered
!
clock timezone Paris 1
clock summer-time Paris date Mar 30 2003 2:00 Oct 26 2003 3:00
no aaa new-model
ip subnet-zero
ip domain name ke.local
ip name-server 193.121.171.135
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.10.1 192.168.10.99
!
ip dhcp pool CLIENT
   import all
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1
   domain-name ke.local
   dns-server 206.182.115.4 206.182.115.12
   netbios-name-server 206.182.115.4
   lease 8
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 0 xxxxxxxx address 81.188.68.164
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to81.188.68.164
 set peer 81.188.68.164
 set transform-set ESP-3DES-SHA
 match address 100
!
interface Ethernet0
 description $ETH-LAN$
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no cdp enable
 hold-queue 32 in
!
interface Ethernet1
 description $ETH-WAN$
 ip address 195.207.53.12 255.255.255.248
 ip nat outside
 duplex auto
 no cdp enable
 crypto map SDM_CMAP_1
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
ip nat inside source route-map SDM_RMAP_1 interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1 permanent
ip http server
no ip http secure-server
!
access-list 23 remark SDM_ACL Category=16
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.10.0 0.0.0.255 206.182.115.0 0.0.0.255
access-list 102 remark SDM_ACL Category=16
access-list 102 remark IPSec Rule
access-list 102 deny ip 192.168.10.0 0.0.0.255 206.182.115.0 0.0.0.255
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
route-map SDM_RMAP_1 permit 1
 match ip address 102
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
!
end


johansens
Level 4

It's your ACLs which need some modification.

On the 1841 your ACL must be the reverse of the 831, like this:

access-list 100 permit ip any 192.168.10.0 0.0.0.255

On the 831 your ACL must be a "LAN to any", like this:

access-list 100 permit ip 192.168.10.0 0.0.0.255 any

Is this what you have already tried?
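Applying the reply to the posted 831 config, as an added example that is not part of the original thread: the crypto ACL 100 becomes LAN-to-any, and the NAT-exemption ACL 102 behind route-map SDM_RMAP_1 has to change with it, because IOS translates inside-to-outside traffic before it checks the crypto map, so Internet-bound packets still permitted by ACL 102 would leave as 195.207.53.12 and never match the new crypto ACL. The 1841 lines are only the reply's mirror ACL; the ACL number on the 1841 is an assumption, and the NAT the 1841 will now need for remote-LAN Internet traffic is not covered on this page.

```cisco
! === Cisco 831 (SP_BARCA): changes applied to the posted running config ===
! Crypto ACL 100 (matched by crypto map SDM_CMAP_1): LAN to any, per the reply.
! "no access-list 100" drops the whole numbered ACL, so it is rebuilt in full.
no access-list 100
access-list 100 remark IPSec Rule - all remote-LAN traffic goes into the tunnel
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
!
! NAT-exemption ACL 102 (used by route-map SDM_RMAP_1 for "ip nat inside source"):
! NAT runs before the crypto-map check, so nothing from the LAN may be translated
! any more; with only a deny entry the route-map matches nothing and the PAT to
! 195.207.53.12 is effectively switched off on this router.
no access-list 102
access-list 102 remark NAT exemption - keep all LAN traffic untranslated
access-list 102 deny ip 192.168.10.0 0.0.0.255 any
!
! The existing default route stays: packets must still be routed out Ethernet1
! to reach the crypto map applied there.
!   ip route 0.0.0.0 0.0.0.0 Ethernet1 permanent
!
! Existing SAs keep the old proxy identities (192.168.10.0/24 <-> 206.182.115.0/24);
! clear them so the tunnel renegotiates with 192.168.10.0/24 <-> 0.0.0.0/0, then
! check that the encaps/decaps counters rise for Internet-bound traffic:
!   clear crypto sa
!   show crypto ipsec sa
!   show ip nat translations
!
! === Cisco 1841 (main office): crypto ACL mirrored as in the reply ===
! ACL number 100 is an assumption (the 1841 config is not posted); remove the
! old 206.182.115.0/24 -> 192.168.10.0/24 entry the same way before re-adding.
no access-list 100
access-list 100 remark IPSec Rule - anything destined for the remote LAN
access-list 100 permit ip any 192.168.10.0 0.0.0.255
```

Because the 831 no longer translates anything, the main office becomes the Internet exit for 192.168.10.0/24; the 1841 must then NAT that subnet on its WAN side and keep it out of its own crypto-map exemption, which is outside what the thread shows.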