Re: Problems with cisco 827h

edgar-quintana · ‎08-06-2006

Hi, I?ve a 827h using c820-k9osy6-mz.123-8.T11.bin IOS version.

I try to configure a vpn with ipsec 3des pre-share key.

In my site is the 827h, in the other site a 1721.

Using SDM with the 1721, the software says that the vpn tunnel is up...but I can not ping machines.

My configuration (827H) is here added...

spremkumar · ‎08-06-2006

Hi

Two things which i wanted to point out here is the definition of interesting traffic and NATting the whole traffic going out.

You shouldnt nat the traffic pointed towards your remote vpn location(remote LAN) also the interesting traffic for encryption do configure the acl matching the lan to lan traffic.

for more info do refer this link..

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ef.shtml

regds

globalnettech · ‎08-07-2006

Hello,

with the current configuration, all your traffic is translated to the address of the ATM 0.1 interface. You already have access list 100 defined, but I think you are missing a few lines. Try and add the following:

ip Nat inside source route-map nonat interface ATM0.1 overload

access-list 100 deny ip 192.168.155.0 0.0.0.255 192.168.156.0 0.0.0.255

access-list 100 permit ip 192.168.155.0 0.0.0.255 any

!

route-map nonat permit 10

match ip address 100

Can you try this and check if it makes a difference ?

Regards,

GNT

edgar-quintana · ‎08-07-2006

Hi,

Thank you very much for reading and quickly response...

Today I can not try your new configuration, but this week I?ll try and I?ll answer you if there is any change ok?

Best regards!!!!!

edgar-quintana · ‎08-10-2006

Hi,

I?ve added a new vpn connection and insert your recomendation but noting... still getting the same error.

This is my configuration file: