
Linksys to Cisco IOS LAN to LAN VPN

rbradfield
Level 2

Just got our first Linksys DSL gateway (WAG54G) to play with. It works well as a DSL gateway and can run VPN clients through it OK. But I cannot get it to work properly as a LAN-to-LAN VPN gateway. The ISAKMP SA and the IPsec SAs are negotiated OK, but I cannot pass traffic between the LAN devices. The Cisco router I am connecting to has a number of other VPN tunnels terminating on it, so I am pretty sure the Cisco config is OK. So has anybody got the full config required on the Linksys box? Do I need some static routes or filters to be configured? I have tried both, making no difference.

Any ideas most welcome.

3 Replies

justindd1
Level 1

The "trick" that you are probably missing, if you have got the boxes establishing tunnels, is that you most likely set up your ACL for the crypto map as symmetric.

If you set it as "access-list extended permit ip "

without adding the reverse route, it will probably work fine.

No, I have that set up OK, same as my other sites; see below.

I have been looking into it further and I see the packets arriving from the Linksys go to the host and the host responding. I also see, when you do a show crypto ipsec sa, that the encrypted and decrypted packets are incrementing. So I am pretty sure it is something on the Linksys. I have opened a case with them!

crypto map IPSec-VPN1 60 ipsec-isakmp
 set peer 165.228.211.62
 set transform-set CHELTENHAM rtpset1 rtpset2 rtpset3 rtpset4 rtpset5
 set pfs group2
 match address CHELTEST

ip access-list extended CHELTEST
 permit ip 172.16.0.0 0.0.255.255 172.16.83.0 0.0.0.255

RB

Try removing the PFS setting on both sides to see if that works.

Dave
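
The CHELTEST crypto ACL entry posted in the thread, worked through as an added example (not part of any poster's reply or of either device's configuration): the Python below converts the IOS wildcard entry to networks, derives the mirror-image entry that the peer's local/remote selectors must correspond to, and classifies a packet as outbound or return traffic. The two host addresses in the usage lines are constructed, and only the `permit ip <net> <wildcard> <net> <wildcard>` form is handled.

```python
import ipaddress

# Entry copied from the CHELTEST ACL posted in the thread.
ENTRY = "permit ip 172.16.0.0 0.0.255.255 172.16.83.0 0.0.0.255"

def wildcard_to_network(addr, wildcard):
    """Convert an IOS address/wildcard pair to an IPv4Network.
    Raises ValueError for non-contiguous wildcards or stray host bits."""
    inverse = int(ipaddress.IPv4Address(wildcard))
    netmask = ipaddress.IPv4Address(inverse ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network(f"{addr}/{netmask}")

def parse_crypto_acl_entry(line):
    """Return (local_net, remote_net) as seen from the router holding the ACL."""
    tokens = line.split()
    if len(tokens) != 6 or tokens[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported entry form: {line!r}")
    return (wildcard_to_network(tokens[2], tokens[3]),
            wildcard_to_network(tokens[4], tokens[5]))

def mirror_entry(line):
    """Entry with source and destination swapped, i.e. the peer's view."""
    local, remote = parse_crypto_acl_entry(line)
    return (f"permit ip {remote.network_address} {remote.hostmask} "
            f"{local.network_address} {local.hostmask}")

def direction(line, src, dst):
    """'outbound' if src->dst matches the entry as written (gets encrypted),
    'return' if it matches the mirror (expected back through the tunnel),
    None if the packet is outside the tunnel's selectors."""
    local, remote = parse_crypto_acl_entry(line)
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    if s in local and d in remote:
        return "outbound"
    if s in remote and d in local:
        return "return"
    return None

if __name__ == "__main__":
    local, remote = parse_crypto_acl_entry(ENTRY)
    print("Cisco side:  local", local, " remote", remote)
    print("Peer side:   local", remote, " remote", local)
    print("Mirror entry:", mirror_entry(ENTRY))
    # Constructed sample hosts, one on each side of the tunnel.
    print(direction(ENTRY, "172.16.1.5", "172.16.83.10"))
    print(direction(ENTRY, "172.16.83.10", "172.16.1.5"))
```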