11-16-2011 09:20 PM
Hi,
I have been working on this for a couple days now and need some help.
I have a site-to-site VPN using two Cisco 2901 routers. Example below. (IPs have been modified).
Cisco CCP verifies that I have an active VPN connection. I can ping from a client PC on R2 (192.168.2.21) to the internal address on R1, 192.168.1.1.
I can't ping any other address on the .1. side. (i.e. 192.168.1.2 - Server, 192.168.1.3 - WAP)
I can't ping anything on the .2. network from a client on .1 side.
I checked both routers and they are identical.
Seems like possibly an ACL problem, but I'm stumped.
I attached both configurations. (IPs modified). Both routers also have a VPN client set up, but I don't believe that should affect it.
Let me know if you need any show cryptos.
Thanks
12-06-2011 01:09 AM
Hello Chris, I hope you are doing fine! Have you got a response, or are you still looking for further responses? Please mark this as answered and also rate the discussion in case your query is resolved. Appreciate your time. Regards, Ankur, Community Manager: Security and VPN
05-23-2012 08:40 AM
Hello. I am working on getting a site-to-site VPN tunnel built between a 2811 router and a UC-540. I have some issues with defining access-lists. The private IPs on both ends are in the same range. I am not sure how to define the access-lists, and I got an error while defining these access-lists.
2811 private IPs - 10.1.0.0 0.0.255.255, 192.168.0.0 0.0.255.255
UC-540 private IPs - 10.1.1.0 0.0.0.255, 192.168.10.0 0.0.0.255
How can I define valid access-lists in this case?
As of now I tried doing this:
ip access-list extended VPN_To_XXXXX_Allowed
 permit ip 192.168.0.0 0.0.255.255 10.1.1.0 0.0.0.255
 permit ip 10.1.0.0 0.0.255.255 10.1.1.0 0.0.0.255
 permit ip 192.168.0.0 0.0.255.255 192.168.10.0 0.0.0.255
 permit ip 10.1.0.0 0.0.255.255 192.168.10.0 0.0.0.255
 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 10.1.1.0 0.0.0.255 10.1.0.0 0.0.255.255
 permit ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 192.168.10.0 0.0.0.255 10.1.0.0 0.0.255.255
 deny ip any any
07-10-2012 12:32 PM
Didn't notice your question, Harish. Sorry for the late reply. I'm not sure if this is your problem, but I had to make the private LAN IPs in a different range for it to work properly for me. (i.e. 10.1.0.0 and 10.1.1.0)
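Added example (not part of any post in this thread): a Python check that parses the access-list posted above and flags every permit entry whose source and destination ranges overlap, which is the "same range" condition discussed in the last two posts. The function names `wildcard_to_network` and `find_overlaps` are hypothetical; the ACL text is copied from the post.

```python
import ipaddress

# ACL text copied from the post above; only the "permit ip" lines are evaluated.
POSTED_ACL = """\
ip access-list extended VPN_To_XXXXX_Allowed
 permit ip 192.168.0.0 0.0.255.255 10.1.1.0 0.0.0.255
 permit ip 10.1.0.0 0.0.255.255 10.1.1.0 0.0.0.255
 permit ip 192.168.0.0 0.0.255.255 192.168.10.0 0.0.0.255
 permit ip 10.1.0.0 0.0.255.255 192.168.10.0 0.0.0.255
 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 10.1.1.0 0.0.0.255 10.1.0.0 0.0.255.255
 permit ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 192.168.10.0 0.0.0.255 10.1.0.0 0.0.255.255
 deny ip any any
"""


def wildcard_to_network(addr, wildcard):
    """Convert an IOS address / wildcard-mask pair to an IPv4Network."""
    w = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard is 2**n - 1, so w & (w + 1) must be zero.
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    prefix = 32 - w.bit_length()
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def find_overlaps(acl_text):
    """Return (line, source, destination) for entries whose two ranges overlap."""
    overlaps = []
    for raw in acl_text.splitlines():
        fields = raw.split()
        # Only handle the "permit ip <src> <wildcard> <dst> <wildcard>" form.
        if len(fields) != 6 or fields[:2] != ["permit", "ip"]:
            continue
        src = wildcard_to_network(fields[2], fields[3])
        dst = wildcard_to_network(fields[4], fields[5])
        if src.overlaps(dst):
            overlaps.append((raw.strip(), str(src), str(dst)))
    return overlaps


if __name__ == "__main__":
    for line, src, dst in find_overlaps(POSTED_ACL):
        print(f"OVERLAP {src} <-> {dst}: {line}")
```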