routed VPN

Discussion in 'Cisco' started by vienio, Mar 18, 2011.

  1. vienio

    site1
    ========

    WAN address 79.187.247.XXX
    internal LAN address 192.160.0.0/24


    site2
    ========

    WAN address 79.187.248.YYY
    internal network address: 192.168.0.224/28



    On the 'site1' router I have this configuration:
    ---------------------------------------------------

    !
    crypto ipsec transform-set ASA-IPSEC esp-des esp-sha-hmac
    !
    crypto map SDM_CMAP_1 1 ipsec-isakmp
     set peer 79.187.248.YYY
     set transform-set ASA-IPSEC
     match address SDM_1
    !
    !
    crypto map SDM_CMAP_2 1 ipsec-isakmp
     set peer 79.187.248.YYY
     set transform-set ASA-IPSEC
     match address 101
    !
    interface FastEthernet0
     description WAN
     ip address 79.187.247.XXX 255.255.255.248
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
     crypto map SDM_CMAP_1
    !
    !
    ip nat pool net-192 79.187.247.XXX 79.187.247.XXX netmask 255.255.255.248
    ip nat inside source route-map SDM_RMAP_2 pool net-192
    !
    ip access-list extended SDM_1
     remark SDM_ACL Category=6
     remark IPSec Rule
     permit ip 192.168.0.0 0.0.0.255 192.168.0.224 0.0.0.15
     permit ip 0.0.0.0 255.255.255.240 any
    !
    access-list 100 remark SDM_ACL Category=16
    access-list 100 deny ip 0.0.0.0 255.255.255.240 any
    access-list 100 remark IPSec Rule
    access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.0.224 0.0.0.15
    access-list 100 deny ip any 192.168.0.224 0.0.0.15
    access-list 100 permit ip host 192.168.0.3 any
    access-list 100 permit ip host 192.168.0.11 any
    !
    access-list 101 remark SDM_ACL Category=4
    access-list 101 remark IPSec Rule
    access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.0.224 0.0.0.15
    no cdp run
    !
    !
    route-map SDM_RMAP_1 permit 1
     match ip address 100
    !
    route-map SDM_RMAP_2 permit 1
     match ip address 100
    !
    !

    Diagnosis of the VPN connection reports:
    __________________________________________

    1-> The following source(s) are routed through the crypto map interface.
    1) 0.0.0.0
    Go to 'Configure->Routing' and correct the routing table.

    2-> The tunnel traffic destination must be routed through the crypto map interface.
    The following destination(s) are routed through non-crypto map interface.
    1) 192.168.0.224
    Go to 'Configure->Routing' and Correct the routing table.

    ###########################

    How do I improve the routing?
    vienio
    vienio, Mar 18, 2011
    #1
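
An added example, not part of the original post: a small Python model of IOS wildcard-mask matching, run over the SDM_1 crypto ACL entries quoted in the post. It shows which flows each entry selects for the tunnel, whether each wildcard is an ordinary inverted netmask, and that the two subnets named in the ACL overlap; the function names and the test addresses are constructed for illustration.

```python
import ipaddress

# Entries copied from the post's "ip access-list extended SDM_1" (remarks omitted).
SDM_1 = [
    "permit ip 192.168.0.0 0.0.0.255 192.168.0.224 0.0.0.15",
    "permit ip 0.0.0.0 255.255.255.240 any",
]

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_operand(tokens):
    """Consume one address spec from the token list; return (base, wildcard) as ints."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(head), ip_int(tokens.pop(0))

def parse_entry(line):
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src = parse_operand(tokens)
    dst = parse_operand(tokens)
    return action, proto, src, dst

def wildcard_match(addr, operand):
    """IOS semantics: bits set in the wildcard are ignored, the rest must equal the base."""
    base, wild = operand
    care = ~wild & 0xFFFFFFFF
    return (ip_int(addr) & care) == (base & care)

def first_match(acl, src, dst):
    """Return the 1-based index of the first entry matching the flow, or None."""
    for n, line in enumerate(acl, 1):
        _, _, s, d = parse_entry(line)
        if wildcard_match(src, s) and wildcard_match(dst, d):
            return n
    return None

def is_contiguous(wildcard):
    """True when the wildcard is a run of low-order ones, i.e. an inverted netmask."""
    wild = ip_int(wildcard)
    return wild & (wild + 1) == 0

def overlaps(net_a, net_b):
    return ipaddress.ip_network(net_a).overlaps(ipaddress.ip_network(net_b))
```

With the second entry, the source `0.0.0.0 255.255.255.240` matches any address whose last four bits are zero, in any network, which is what a subnet mask typed in the wildcard position produces.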