03-30-2023 06:21 AM
Please, I need help to rectify my IPsec VPN. Thanks in anticipation.
03-30-2023 06:22 AM
The #show crypto isakmp policy is not showing any result. Also the WAN interface is a loopback interface.
03-30-2023 06:32 AM
share the config
03-30-2023 06:56 AM - edited 03-30-2023 06:57 AM
!--- These are the Internet Key Exchange (IKE) parameters.
crypto isakmp policy 10
encr aes-256
hash sha-256
group 14
lifetime 28800
authentication pre-share
crypto isakmp key @S8ftW0rKs_WemS! address 195.43.215.1
!
!
!--- These are the IPSec parameters.
access-list 105 permit ip 204.242.130.30 0.0.0.0 172.27.5.41 0.0.0.0
!
crypto map wema_map 10 ipsec-isakmp
set peer 195.43.215.1
set transform-set wema_set
match address 105
crypto ipsec transform-set wema_set esp-aes-256 esp-sha-hmac
!
!--- Encrypt traffic to the other side.
!
interface l0
ip nat outside
crypto map wema_map
!
interface g0/1
ip nat inside
!
!
ip route 172.27.5.40 255.255.255.255 65.173.38.26
03-30-2023 06:58 AM
This is not the complete config.
There is NAT, so I think the issue is there.
You must deny traffic from ip 204.242.130.30 0.0.0.0 172.27.5.41 0.0.0.0 in the ACL or NAT,
otherwise the traffic is NATed and not encrypted.
03-30-2023 07:06 AM
Thanks for your response.
This is a single IP permitted to talk to a single node at the remote end.
03-30-2023 07:10 AM
access-list 105 permit ip host 204.242.130.30 host 172.27.5.41 <<- the wildcard must be 255.255.255.255 if it is a host
Even so, you need to exclude this traffic from NATing.
03-30-2023 07:45 AM
Oh well, I thought the wildcard for a single node should be 0.0.0.0.
Please assist with the NATing config to apply. Thanks
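The NAT-exemption point raised in the replies, as an added example that is not part of the original thread: a small Python check that evaluates IOS extended ACL entries by first match and reports whether a flow selected by crypto ACL 105 would also be picked up by a NAT ACL. The two NAT ACLs and the function names are constructed for illustration, since the thread never shows the NAT configuration.

```python
import ipaddress

def _spec(tokens):
    """Consume one address spec; return (address, wildcard) as integers."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST' or 'permit|deny ip SRC DST'."""
    tokens = line.split()
    if tokens[0] == "access-list":
        tokens = tokens[2:]            # drop keyword and ACL number
    action, rest = tokens[0], tokens[2:]   # tokens[1] is the protocol (ip)
    src = _spec(rest)
    dst = _spec(rest)
    return action, src, dst

def _hit(spec, ip):
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF          # wildcard bit 0 = this bit must match
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def first_match(acl_lines, src_ip, dst_ip):
    """Return the action of the first matching entry, as IOS evaluates ACLs."""
    for line in acl_lines:
        action, src, dst = parse_ace(line)
        if _hit(src, src_ip) and _hit(dst, dst_ip):
            return action
    return "deny"                      # implicit deny at the end of every ACL

# Crypto ACL exactly as posted in the thread.
CRYPTO_ACL = ["access-list 105 permit ip 204.242.130.30 0.0.0.0 172.27.5.41 0.0.0.0"]
# Constructed NAT ACLs (assumption: NAT overload driven by an extended ACL).
NAT_ACL_BEFORE = ["permit ip any any"]
NAT_ACL_AFTER = ["deny ip host 204.242.130.30 host 172.27.5.41",
                 "permit ip any any"]

def nat_steals_vpn_flow(nat_acl, src_ip, dst_ip):
    """True when a flow the crypto ACL selects would also be translated.
    Inside-to-outside NAT runs before the crypto map check, so a translated
    source no longer matches the crypto ACL and the packet leaves unencrypted."""
    return (first_match(CRYPTO_ACL, src_ip, dst_ip) == "permit"
            and first_match(nat_acl, src_ip, dst_ip) == "permit")

if __name__ == "__main__":
    for name, acl in (("before", NAT_ACL_BEFORE), ("after", NAT_ACL_AFTER)):
        print(name, nat_steals_vpn_flow(acl, "204.242.130.30", "172.27.5.41"))
```

On the router, the NAT ACL is the one referenced by the `ip nat inside source list ...` statement; the deny entry for the VPN flow has to sit above the permit entries.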