Lan to Lan VPN connection but no traffic

Discussion in 'Cisco' started by ruud, Jun 29, 2006.

  1. ruud

    I'm trying to make a LAN-to-LAN VPN connection from a Zyxel ZyWALL 35 to a SOHO71.
    Both are on a cable/DSL line and the Cisco receives its IP from DHCP from the ISP.
    Lan1 (zyxel)
    IP 192.168.1.0
    Sub 255.255.255.0

    Lan2 (Cisco)
    Ip 192.168.0.0
    Sub 255.255.255.0

    The connection is active, only there's no data transfer over the line.

    Here's the config (A.A.A.A is the WAN IP of the Zyxel):

    Current configuration : 3392 bytes
    !
    version 12.3
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname admin
    !
    no logging buffered
    enable secret 5 $1$uMwO$5Vu4XJZi.9e34Qpaf0IeI1
    !
    username CRWS_Sangeetha privilege 15 password 7 015757406C5A002E65431F062A2007135E5E52787E717963
    username admin password 7 055A515D706C7D001E1616070E1E
    username CRWS_Jaidil privilege 15 password 7 03400A4F315E276D0A06480A24371B0D55727A747C626D764555
    no aaa new-model
    ip subnet-zero
    !
    !
    ip inspect name myfw cuseeme timeout 3600
    ip inspect name myfw ftp timeout 3600
    ip inspect name myfw rcmd timeout 3600
    ip inspect name myfw realaudio timeout 3600
    ip inspect name myfw smtp timeout 3600
    ip inspect name myfw tftp timeout 30
    ip inspect name myfw udp timeout 15
    ip inspect name myfw tcp timeout 3600
    ip inspect name myfw h323 timeout 3600
    !
    !
    !
    !
    crypto isakmp policy 9
    hash md5
    authentication pre-share
    crypto isakmp key 0 (secret) address A.A.A.A.
    !
    crypto ipsec security-association lifetime seconds 86400
    !
    crypto ipsec transform-set s2s1trans esp-3des esp-md5-hmac
    !
    crypto map to-site1 10 ipsec-isakmp
    set peer A.A.A.A
    set transform-set s2s1trans
    match address 101
    !
    !
    !
    !
    interface Ethernet0
    description CRWS Generated text. Please do not delete this:192.168.0.254-255.255.255.0
    ip address 192.168.0.254 255.255.255.0 secondary
    ip address 10.10.10.1 255.255.255.0
    ip access-group 122 out
    ip nat inside
    no cdp enable
    hold-queue 32 in
    !
    interface Ethernet1
    ip address dhcp client-id Ethernet1
    ip access-group 111 in
    ip mtu 1412
    ip nat outside
    ip inspect myfw out
    duplex auto
    no cdp enable
    crypto map to-site1
    !
    ip nat inside source list 102 interface Ethernet1 overload
    ip nat inside source route-map nonat interface Ethernet1 overload
    ip nat inside source static tcp 192.168.0.1 5900 interface Ethernet1 5900
    ip classless
    ip http server
    no ip http secure-server
    !
    access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
    access-list 102 permit ip 192.168.0.0 0.0.0.255 any
    access-list 111 permit tcp any any eq telnet
    access-list 111 permit icmp any any administratively-prohibited
    access-list 111 permit icmp any any echo
    access-list 111 permit icmp any any echo-reply
    access-list 111 permit icmp any any packet-too-big
    access-list 111 permit icmp any any time-exceeded
    access-list 111 permit icmp any any traceroute
    access-list 111 permit icmp any any unreachable
    access-list 111 permit udp any eq bootps any eq bootpc
    access-list 111 permit udp any eq bootps any eq bootps
    access-list 111 permit udp any eq domain any
    access-list 111 permit esp any any
    access-list 111 permit udp any any eq isakmp
    access-list 111 permit udp any any eq 10000
    access-list 111 permit tcp any any eq 1723
    access-list 111 permit tcp any any eq 139
    access-list 111 permit udp any any eq netbios-ns
    access-list 111 permit udp any any eq netbios-dgm
    access-list 111 permit gre any any
    access-list 111 deny ip any any
    access-list 122 deny tcp any any eq telnet
    access-list 122 permit ip any any
    access-list 150 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
    access-list 150 permit ip 192.168.0.0 0.0.0.255 any
    no cdp run
    route-map nonat permit 10
    match ip address 150
    !
    !
    line con 0
    exec-timeout 120 0
    no modem enable
    stopbits 1
    line aux 0
    line vty 0 4
    exec-timeout 120 0
    login local
    length 0
    !
    scheduler max-task-time 5000
    !
    end

    Can anyone give me some advice?
     
    Last edited: Jun 29, 2006
    ruud, Jun 29, 2006
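Added example, not part of the original post: on IOS, inside-to-outside NAT is applied before the crypto map's ACL is evaluated, so a NAT rule that translates LAN-to-LAN traffic keeps it from matching the crypto ACL. This Python check (its function names are assumptions of this example) runs over the NAT, ACL and route-map lines copied from the posted config and reports any NAT rule that overlaps `access-list 101`.

```python
import ipaddress, re
# Lines copied from the configuration posted above (crypto ACL, NAT rules, ACLs, route-map).
CONFIG = """\
crypto map to-site1 10 ipsec-isakmp
 match address 101
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source route-map nonat interface Ethernet1 overload
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 150 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 150 permit ip 192.168.0.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 150
"""

def _net(tok):
    """Consume 'any' or 'ADDR WILDCARD' from a token list -> (base, wildcard) as ints."""
    if tok[0] == "any":
        tok.pop(0)
        return 0, 0xFFFFFFFF
    return int(ipaddress.ip_address(tok.pop(0))), int(ipaddress.ip_address(tok.pop(0)))

def parse_acls(text):
    acls = {}
    for m in re.finditer(r"^access-list (\d+) (permit|deny) ip (.+)$", text, re.M):
        tok = m.group(3).split()
        acls.setdefault(m.group(1), []).append((m.group(2), _net(tok), _net(tok)))
    return acls

def acl_permits(entries, src, dst):
    """First-match ACL evaluation with wildcard masks; implicit deny at the end."""
    for action, (sb, sw), (db, dw) in entries:
        if ((src ^ sb) & ~sw & 0xFFFFFFFF) == 0 and ((dst ^ db) & ~dw & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

def nat_rules_hitting_vpn(text):
    """NAT rules whose ACL permits crypto-ACL traffic (probed with each net's first host)."""
    acls = parse_acls(text)
    rmaps = dict(re.findall(r"^route-map (\S+) permit \d+\n\s*match ip address (\d+)", text, re.M))
    crypto = re.findall(r"^\s*match address (\d+)", text, re.M)
    hits = []
    for kind, ref in re.findall(r"^ip nat inside source (list|route-map) (\S+)", text, re.M):
        acl = ref if kind == "list" else rmaps.get(ref)
        for c in crypto:
            for action, (sb, _), (db, _) in acls.get(c, []):
                if action == "permit" and acl_permits(acls.get(acl, []), sb + 1, db + 1):
                    hits.append(f"{kind} {ref}")
    return hits
```

On the posted lines it returns `['list 102']`: the `route-map nonat` rule exempts the tunnel traffic through `access-list 150`, while the `list 102` rule still matches it.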
