Velocity Reviews - Computer Hardware Reviews


Cisco 1801 VPN Problem

 
 
Masterx81 (Guest), 03-09-2007
Hi to all...
I have set up a VPN between two sites. The VPN is up, clients from both
parts will ping each other, but each router cannot ping hosts on the
other side (nor the other router).
Tracert shows a missing hop, and no applications are working between the
VPN.
What can it be?
Thanks!

 
 
 
 
 
Smokey (Guest), 03-09-2007
Masterx81 wrote:
> Hi to all...
> I have set up a VPN between two sites. The VPN is up, clients from both
> parts will ping each other, but each router cannot ping hosts on the
> other side (nor the other router).
> Tracert shows a missing hop, and no applications are working between the
> VPN.
> What can it be?
> Thanks!
>


The crystal ball seems to be broke right now, maybe posting some of the
config would help?
 
 
 
 
 
Masterx81 (Guest), 03-09-2007
Thanks for the attention...
I have tried 3 times with long posts, with detailed descriptions, and
no one has helped me... So I thought that long posts = too long to
read. So I have made a 'restriction', waiting for someone...

This is the config of the router at the branch office:
!This is the running config of the router: xxxx
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname xxx
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxx
!
no aaa new-model
!
resource policy
!
clock timezone xxx 1
clock summer-time xxx date Mar 30 2003 2:00 Oct 26 2003 3:00
clock calendar-valid
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool Magazzino
import all
network 192.168.201.0 255.255.255.0
dns-server 192.168.201.200
netbios-name-server 192.168.200.1
default-router 192.168.201.220
!
ip dhcp pool PCROBERT
host 192.168.201.1 255.255.255.0
client-identifier 0100.18f3.639a.cf
dns-server 192.168.201.200
netbios-name-server 192.168.200.1
client-name PCROBERTOMAGA
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name ruscallarenato.it
ip name-server 151.99.125.2
ip name-server 151.99.0.100
ip name-server 192.168.200.1
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
!
!
crypto pki trustpoint TP-self-signed-1097497397
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1097497397
revocation-check none
rsakeypair TP-self-signed-1097497397
!
!
crypto pki certificate chain TP-self-signed-1097497397
certificate self-signed 01
useless
quit
username xxx privilege 15 secret 5 xxxx
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key xxx address yy.yy.yy.yy
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to yy.yy.yy.yy
set peer yy.yy.yy.yy
set transform-set ESP-3DES-SHA
match address 100
!
bridge irb
!
!
!
interface FastEthernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
shutdown
duplex auto
speed auto
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation hdlc
ip route-cache flow
shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface Dot11Radio0
no ip address
!
encryption key 1 size 40bit 7 xyz transmit-key
encryption mode wep mandatory
!
ssid CISCO
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
shutdown
!
encryption key 1 size 40bit 7 8522D5CAB7D5 transmit-key
encryption mode wep mandatory
!
ssid CISCO
authentication open
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 spanning-disabled
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode itu-dmt
!
interface ATM0.1 point-to-point
ip address xx.xx.xx.xx 255.255.255.224
ip access-group 101 in
ip nat outside
ip virtual-reassembly
no snmp trap link-status
pvc 8/35
encapsulation aal5snap
!
crypto map SDM_CMAP_1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.201.200 255.255.255.0
ip access-group 110 in
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip dns server
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
!
logging trap debugging
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.201.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip host yy.yy.yy.yyy any
access-list 101 permit icmp host yy.yy.yyy.yyy any
access-list 101 permit icmp any any echo-reply
access-list 101 remark Auto generated by SDM for NTP (123) 193.204.114.233
access-list 101 permit udp host 193.204.114.233 eq ntp any eq ntp
access-list 101 remark Auto generated by SDM for NTP (123) 193.204.114.232
access-list 101 permit udp host 193.204.114.232 eq ntp any eq ntp
access-list 101 permit tcp any 192.168.201.0 0.0.0.255 established
access-list 101 permit udp any any gt 1023
access-list 101 permit udp any any eq domain
access-list 101 permit tcp any any established
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny icmp any any
access-list 101 deny ip any any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip any any
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip any any
access-list 105 remark SDM_ACL Category=2
access-list 105 remark IPSec Rule
access-list 105 deny ip 192.168.201.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 105 permit ip 192.168.201.0 0.0.0.255 any
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address 105
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
access-class 102 in
exec-timeout 0 0
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 103 in
exec-timeout 0 0
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17180045
ntp master
ntp update-calendar
ntp server 193.204.114.232 prefer
ntp server 193.204.114.233
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end


Many thanks!!!

 
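An added example, not part of the original thread or of any poster's reply: a small Python model of how access-list 100 (crypto map SDM_CMAP_1) and access-list 105 (route-map SDM_RMAP_1) from the posted config classify an outbound packet by source and destination. The address 203.0.113.10 is a constructed placeholder for the redacted ATM0.1 address, and the function names are hypothetical; a ping issued on an IOS router without a source option uses the egress interface address, which is the third case shown.

```python
import ipaddress

# ACL entries copied from the posted config: (action, src, src_wc, dst, dst_wc).
ACLS = {
    100: [("permit", "192.168.201.0", "0.0.0.255", "192.168.200.0", "0.0.0.255")],
    105: [("deny", "192.168.201.0", "0.0.0.255", "192.168.200.0", "0.0.0.255"),
          ("permit", "192.168.201.0", "0.0.0.255", "any", None)],
}

# Constructed placeholder for the redacted ATM0.1 address (xx.xx.xx.xx in the post).
WAN_PLACEHOLDER = "203.0.113.10"

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    if base == "any":
        return True
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def acl_action(number, src, dst):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for action, s, s_wc, d, d_wc in ACLS[number]:
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action
    return "deny"

def classify(src, dst):
    """Outbound treatment on ATM0.1: 'nat', 'ipsec' or 'plain' (simplified model)."""
    # route-map SDM_RMAP_1 (match ip address 105) selects traffic for NAT overload.
    # A translated packet carries the WAN source, which access-list 100 never matches.
    if acl_action(105, src, dst) == "permit":
        return "nat"
    # crypto map SDM_CMAP_1 (match address 100) selects traffic for the tunnel.
    if acl_action(100, src, dst) == "permit":
        return "ipsec"
    return "plain"

if __name__ == "__main__":
    cases = [
        ("192.168.201.1", "192.168.200.1"),   # LAN host to remote LAN
        ("192.168.201.1", "151.99.125.2"),    # LAN host to an Internet DNS server
        (WAN_PLACEHOLDER, "192.168.200.1"),   # sourced from the outside interface
        ("192.168.201.200", "192.168.200.1"), # sourced from BVI1
    ]
    for src, dst in cases:
        print(f"{src:>16} -> {dst:<15} {classify(src, dst)}")
```
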
 
 
 