Cisco 1801 VPN Problem

Discussion in 'Cisco' started by Masterx81, Mar 9, 2007.

  1. Masterx81

    Masterx81 Guest

    Hi to all...
    I have set up a VPN between two sites. The VPN is up, clients from both
    parts will ping each other, but each router cannot ping hosts on the
    other side (nor the other router).
    Tracert shows a missing hop, and no applications are working over the
    VPN.
    What can it be?
    Thanks!
     
    Masterx81, Mar 9, 2007
    #1

  2. Masterx81

    Smokey Guest

    Masterx81 wrote:
    > Hi to all...
    > I have set up a VPN between two sites. The VPN is up, clients from both
    > parts will ping each other, but each router cannot ping hosts on the
    > other side (nor the other router).
    > Tracert shows a missing hop, and no applications are working over the
    > VPN.
    > What can it be?
    > Thanks!
    >


    The crystal ball seems to be broken right now, maybe posting some of the
    config would help?
     
    Smokey, Mar 9, 2007
    #2

  3. Masterx81

    Masterx81 Guest

    Thanks for the attention...
    I have tried 3 times with long posts, with detailed descriptions, and
    no one has helped me... So I thought that long posts = too long to
    read. So I made a 'restriction', waiting for someone...

    This is the config of the router at the branch office:
    !This is the running config of the router: xxxx
    !----------------------------------------------------------------------------
    !version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname xxx
    !
    boot-start-marker
    boot-end-marker
    !
    security authentication failure rate 3 log
    security passwords min-length 6
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 xxxxxxxxx
    !
    no aaa new-model
    !
    resource policy
    !
    clock timezone xxx 1
    clock summer-time xxx date Mar 30 2003 2:00 Oct 26 2003 3:00
    clock calendar-valid
    no ip source-route
    !
    !
    ip cef
    no ip dhcp use vrf connected
    !
    ip dhcp pool Magazzino
    import all
    network 192.168.201.0 255.255.255.0
    dns-server 192.168.201.200
    netbios-name-server 192.168.200.1
    default-router 192.168.201.220
    !
    ip dhcp pool PCROBERT
    host 192.168.201.1 255.255.255.0
    client-identifier 0100.18f3.639a.cf
    dns-server 192.168.201.200
    netbios-name-server 192.168.200.1
    client-name PCROBERTOMAGA
    !
    !
    ip tcp synwait-time 10
    no ip bootp server
    ip domain name ruscallarenato.it
    ip name-server 151.99.125.2
    ip name-server 151.99.0.100
    ip name-server 192.168.200.1
    ip ssh time-out 60
    ip ssh authentication-retries 2
    ip inspect name DEFAULT100 cuseeme
    ip inspect name DEFAULT100 ftp
    ip inspect name DEFAULT100 h323
    ip inspect name DEFAULT100 icmp
    ip inspect name DEFAULT100 netshow
    ip inspect name DEFAULT100 rcmd
    ip inspect name DEFAULT100 realaudio
    ip inspect name DEFAULT100 rtsp
    ip inspect name DEFAULT100 esmtp
    ip inspect name DEFAULT100 sqlnet
    ip inspect name DEFAULT100 streamworks
    ip inspect name DEFAULT100 tftp
    ip inspect name DEFAULT100 tcp
    ip inspect name DEFAULT100 udp
    ip inspect name DEFAULT100 vdolive
    !
    !
    crypto pki trustpoint TP-self-signed-1097497397
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1097497397
    revocation-check none
    rsakeypair TP-self-signed-1097497397
    !
    !
    crypto pki certificate chain TP-self-signed-1097497397
    certificate self-signed 01
    useless
    quit
    username xxx privilege 15 secret 5 xxxx
    !
    !
    !
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key xxx address yy.yy.yy.yy
    !
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    !
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description Tunnel to yy.yy.yy.yy
    set peer yy.yy.yy.yy
    set transform-set ESP-3DES-SHA
    match address 100
    !
    bridge irb
    !
    !
    !
    interface FastEthernet0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip virtual-reassembly
    ip route-cache flow
    shutdown
    duplex auto
    speed auto
    !
    interface BRI0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encapsulation hdlc
    ip route-cache flow
    shutdown
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    !
    interface FastEthernet5
    !
    interface FastEthernet6
    !
    interface FastEthernet7
    !
    interface FastEthernet8
    !
    interface Dot11Radio0
    no ip address
    !
    encryption key 1 size 40bit 7 xyz transmit-key
    encryption mode wep mandatory
    !
    ssid CISCO
    authentication open
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    bridge-group 1
    bridge-group 1 spanning-disabled
    !
    interface Dot11Radio1
    no ip address
    shutdown
    !
    encryption key 1 size 40bit 7 8522D5CAB7D5 transmit-key
    encryption mode wep mandatory
    !
    ssid CISCO
    authentication open
    !
    speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
    station-role root
    bridge-group 1
    bridge-group 1 spanning-disabled
    !
    interface ATM0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    no atm ilmi-keepalive
    dsl operating-mode itu-dmt
    !
    interface ATM0.1 point-to-point
    ip address xx.xx.xx.xx 255.255.255.224
    ip access-group 101 in
    ip nat outside
    ip virtual-reassembly
    no snmp trap link-status
    pvc 8/35
    encapsulation aal5snap
    !
    crypto map SDM_CMAP_1
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$FW_INSIDE$
    no ip address
    ip tcp adjust-mss 1452
    bridge-group 1
    !
    interface BVI1
    description $ES_LAN$$FW_INSIDE$
    ip address 192.168.201.200 255.255.255.0
    ip access-group 110 in
    ip nat inside
    ip virtual-reassembly
    !
    ip route 0.0.0.0 0.0.0.0 ATM0.1
    !
    ip dns server
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
    !
    logging trap debugging
    access-list 100 remark SDM_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 192.168.201.0 0.0.0.255 192.168.200.0 0.0.0.255
    access-list 101 remark Auto generated by SDM Management Access feature
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit ip host yy.yy.yy.yyy any
    access-list 101 permit icmp host yy.yy.yyy.yyy any
    access-list 101 permit icmp any any echo-reply
    access-list 101 remark Auto generated by SDM for NTP (123) 193.204.114.233
    access-list 101 permit udp host 193.204.114.233 eq ntp any eq ntp
    access-list 101 remark Auto generated by SDM for NTP (123) 193.204.114.232
    access-list 101 permit udp host 193.204.114.232 eq ntp any eq ntp
    access-list 101 permit tcp any 192.168.201.0 0.0.0.255 established
    access-list 101 permit udp any any gt 1023
    access-list 101 permit udp any any eq domain
    access-list 101 permit tcp any any established
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip host 0.0.0.0 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny icmp any any
    access-list 101 deny ip any any
    access-list 102 remark Auto generated by SDM Management Access feature
    access-list 102 remark SDM_ACL Category=1
    access-list 102 permit ip any any
    access-list 103 remark Auto generated by SDM Management Access feature
    access-list 103 remark SDM_ACL Category=1
    access-list 103 permit ip any any
    access-list 105 remark SDM_ACL Category=2
    access-list 105 remark IPSec Rule
    access-list 105 deny ip 192.168.201.0 0.0.0.255 192.168.200.0 0.0.0.255
    access-list 105 permit ip 192.168.201.0 0.0.0.255 any
    no cdp run
    !
    !
    !
    route-map SDM_RMAP_1 permit 1
    match ip address 105
    !
    !
    !
    !
    control-plane
    !
    bridge 1 protocol ieee
    bridge 1 route ip
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    login local
    transport output telnet
    line aux 0
    login local
    transport output telnet
    line vty 0 4
    access-class 102 in
    exec-timeout 0 0
    privilege level 15
    login local
    transport input telnet ssh
    line vty 5 15
    access-class 103 in
    exec-timeout 0 0
    privilege level 15
    login local
    transport input telnet ssh
    !
    scheduler allocate 4000 1000
    scheduler interval 500
    ntp clock-period 17180045
    ntp master
    ntp update-calendar
    ntp server 193.204.114.232 prefer
    ntp server 193.204.114.233
    !
    webvpn context Default_context
    ssl authenticate verify all
    !
    no inservice
    !
    end


    Many thanks!!!
     
    Masterx81, Mar 9, 2007
    #3
