VPN between two 827

pgasol
Level 1

Hi, I've configured two Cisco 827 with a VPN but it doesn't work.

I don't have any idea why. Can anybody help me?

Both have this IOS c820-k8osy6-mz.122-2.T4.bin

This is the configuration of the first router:

Almeria#sh run
Building configuration...

Current configuration : 2860 bytes
!
version 12.2
no parser cache
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Almeria
!
logging rate-limit console 10 except errors
enable secret 5 $1iaeN5ZTQuELVXQEZv1
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
!
crypto isakmp policy 20
 hash md5
 authentication pre-share
 group 2
crypto isakmp key verde address 200.100.12.212
!
crypto ipsec transform-set miadsl esp-des esp-md5-hmac
!
crypto map mimapa 10 ipsec-isakmp
 set peer 200.100.12.212
 set transform-set miadsl
 match address 101
!
!
interface Ethernet0
 ip address 172.2.2.99 255.255.255.0
 ip nat inside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address 200.100.12.217 255.255.255.240
 ip nat outside
 pvc 8/32
  encapsulation aal5snap
 !
 crypto map mimapa
!
ip nat inside source list 1 interface ATM0.1 overload "I can't erase this line"
ip nat inside source route-map nonat interface ATM0.1 overload
ip nat inside source static tcp 172.2.2.99 23 200.100.12.217 23 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 192.168.100.0 255.255.255.0 200.100.12.212
no ip http server
!
access-list 101 permit ip 172.2.2.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 110 deny ip 172.2.2.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 110 permit ip 172.2.2.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 110
!
!
line con 0
 stopbits 1
line vty 0 4
 password 7 1316161E0A1
 login
!
scheduler max-task-time 5000
end

This is the configuration of the second router:

Barcelona#sh run
Building configuration...

Current configuration : 1759 bytes
!
version 12.2
no parser cache
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Barcelona
!
logging rate-limit console 10 except errors
enable secret 5 $1$MZtHAAIVm/vno0l0
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
!
crypto isakmp policy 20
 hash md5
 authentication pre-share
 group 2
crypto isakmp key verde address 200.100.12.217
!
crypto ipsec transform-set miadsl esp-des esp-md5-hmac
!
crypto map mimapa 10 ipsec-isakmp
 set peer 200.100.12.217
 set transform-set miadsl
 match address 101
!
interface Ethernet0
 ip address 192.168.100.250 255.255.255.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
!
interface ATM0
 no ip address
 no ip route-cache
 no ip mroute-cache
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
 hold-queue 224 in
!
interface ATM0.1 point-to-point
 ip address 200.100.12.212 255.255.255.240
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 pvc 8/32
  encapsulation aal5snap
 !
 crypto map mimapa
!
ip nat inside source route-map nonat interface ATM0.1 overload
ip nat inside source static tcp 192.168.100.250 23 200.100.12.212 23 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 172.2.2.0 255.255.255.0 200.100.12.217
ip http server
!
access-list 101 permit ip 192.168.100.0 0.0.0.255 172.2.2.0 0.0.0.255
access-list 110 deny ip 192.168.100.0 0.0.0.255 172.2.2.0 0.0.0.255
access-list 110 permit ip 192.168.100.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 110
!
!
line con 0
 stopbits 1
line vty 0 4
 password 7 0612D4D5
 login
!
scheduler max-task-time 5000
end

I ping 172.2.2.150 (a device on the Almeria LAN) from Barcelona and I receive this: U...U

If I enable debug crypto ipsec and debug crypto isakmp, I don't get anything.

My boss has told me that it must work tomorrow, so I need your help please!!!!

Thanks in advance.

2 Replies

mmellet
Level 3

The reason you can't remove that line is you have to take NAT off the interfaces and do a clear ip nat translation table command before you can remove it. You may want to open a case with Cisco on the issue of pinging the 172.2.2.150 address. The NAT and access lists look okay - this might be a crypto issue.
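
Added example, not written by any poster in this thread: a Python check of the settings the two posted configurations must agree on (peer address, pre-shared key binding, mirrored crypto ACL, NAT exemption of tunnel traffic). The function names and the template that rebuilds the tunnel-relevant lines from the post are assumptions of this example.

```python
import re

# Tunnel-relevant lines of both posted configs (same structure; only addresses differ).
TEMPLATE = """\
crypto isakmp key verde address {peer}
crypto map mimapa 10 ipsec-isakmp
 set peer {peer}
 match address 101
interface ATM0.1 point-to-point
 ip address {wan} 255.255.255.240
 crypto map mimapa
access-list 101 permit ip {lan} 0.0.0.255 {far} 0.0.0.255
access-list 110 deny ip {lan} 0.0.0.255 {far} 0.0.0.255
route-map nonat permit 10
 match ip address 110
"""
ALMERIA = TEMPLATE.format(wan="200.100.12.217", peer="200.100.12.212", lan="172.2.2.0", far="192.168.100.0")
BARCELONA = TEMPLATE.format(wan="200.100.12.212", peer="200.100.12.217", lan="192.168.100.0", far="172.2.2.0")

def parse(cfg):
    """Extract the fields both tunnel endpoints must agree on."""
    find = lambda pat: re.search(pat, cfg, re.M).group(1)
    acl = lambda n, act: re.findall(rf"^access-list {n} {act} ip (\S+ \S+) (\S+ \S+)", cfg, re.M)
    # WAN address: first "ip address" in the interface block that carries the crypto map.
    wan = [re.search(r"ip address (\S+)", blk).group(1)
           for blk in re.split(r"^(?=interface )", cfg, flags=re.M)
           if re.search(r"^[ \t]+crypto map ", blk, re.M)][0]
    return {"key": find(r"^crypto isakmp key (\S+)"), "wan": wan,
            "key_peer": find(r"^crypto isakmp key \S+ address (\S+)"),
            "peer": find(r"^[ \t]*set peer (\S+)"),
            "crypto": acl(find(r"^[ \t]*match address (\d+)"), "permit"),
            "no_nat": acl(find(r"^[ \t]*match ip address (\d+)"), "deny")}

def check(a, b):
    """Return the mismatches between two endpoints; an empty list means they agree."""
    out = [] if a["key"] == b["key"] else ["pre-shared keys differ"]
    for name, me, other in (("A", a, b), ("B", b, a)):
        if me["peer"] != other["wan"]:
            out.append(f"{name}: set peer is not the remote crypto-map interface")
        if me["key_peer"] != other["wan"]:
            out.append(f"{name}: isakmp key is bound to the wrong address")
        if sorted(me["crypto"]) != sorted((d, s) for s, d in other["crypto"]):
            out.append(f"{name}: crypto ACL does not mirror the peer's")
        # Only the route-map NAT rule is checked, not Almeria's extra "list 1" rule.
        if not set(me["crypto"]) <= set(me["no_nat"]):
            out.append(f"{name}: tunnel traffic is not exempted from NAT")
    return out

print(check(parse(ALMERIA), parse(BARCELONA)) or "endpoints agree")
```

On the values from the post it returns an empty list: peers, key bindings, crypto ACLs and the route-map NAT exemption are consistent between the two routers.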

pmpc
Level 1

Did you ever get it working? I'm trying to use two 827s in a similar manner but I can't get a VPN established either. I'm beginning to wonder if you can use two 827s point to point.

Thanks