Site-to-Site VPN problems

Discussion in 'Cisco' started by Ewan McNab, Feb 16, 2009.

  1. Ewan McNab

    Ewan McNab Guest

    Hi

    I have two sites, Site A has a Cisco 877 ( IOS 12.4(15)T7 Security
    Bundle) and Site B has a 877w ( IOS 12.4(4)T8 ). All sites are on ADSL
    lines with Demon (UK) as the ISP.

    I have set up (using SDM) a site to site VPN using GRE, and can ping
    machines on both ends of the link OK. But I can only connect to machines
    (either using VNC or accessing shares) if going from Site A to B. Going
    from Site B to A fails yet pings are working OK.

    I then set up a 3rd Cisco 877 router (same model/version as Site A has),
    let's call this Site C. This had a site to site VPN (GRE Tunnel) set up
    for Site A-C. With this you can ping machines on both ends, but cannot
    access shares or use VNC etc in either direction.

    Now this to me points towards a firewall setting that is in the 877 SB
    routers, but not on a standard 877(w). I just can't see what or find any
    info that solves/helps the problem. Is this a common
    error/misconfiguration when using SDM for the configuration? Are there
    any suggestions as to a solution to get the VPN links working correctly
    both ways?

    Wasn't sure exactly what info people would need to assist, so if someone
    advises me what info such as the running config, or any output of the
    show command I can post that info up.



    Thanks

    Ewan.




    --
    Ewan McNab
     
    Ewan McNab, Feb 16, 2009
    #1

  2. Ewan McNab

    peter Guest

    X-No-Archive: yes
    Ewan McNab wrote:
    > Hi
    >
    > I have two sites, Site A has a Cisco 877 ( IOS 12.4(15)T7 Security
    > Bundle) and Site B has a 877w ( IOS 12.4(4)T8 ). All sites are on ADSL
    > lines with Demon (UK) as the ISP.
    >
    > I have set up (using SDM) a site to site VPN using GRE, and can ping
    > machines on both ends of the link OK. But I can only connect to machines
    > (either using VNC or accessing shares) if going from Site A to B. Going
    > from Site B to A fails yet pings are working OK.


    Hi
    Check your ACLs.

    This may help in debugging ACLs

    Set a rule to allow VNC through with logging. Set up a syslog server
    and monitor (http://www.kiwisyslog.com/kiwi-syslog-server-overview/).
    Need to do this on both routers.


    If not sure, post configs here.


    Peter
     
    peter, Feb 22, 2009
    #2
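
Added example, not part of the thread or either poster's words: once ACL entries carry `log` and both routers send to a syslog server, a short script can total the ACL hits per router so a "ping permitted, VNC/share denied" pattern stands out. The router names, ACL numbers, addresses and line prefix in the sample are constructed; the `%SEC-6-IPACCESSLOGP` / `%SEC-6-IPACCESSLOGDP` message layout is the IOS ACL-logging format.

```python
import re
from collections import Counter

# Constructed sample lines as a syslog server might store them.
# siteA/siteB, ACLs 101/102 and all addresses are placeholders.
SAMPLE = """\
Feb 22 10:01:02 siteA 45: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 192.168.2.10 -> 192.168.1.5 (8/0), 1 packet
Feb 22 10:01:09 siteA 46: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.168.2.10(1045) -> 192.168.1.5(5900), 1 packet
Feb 22 10:01:15 siteA 47: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.168.2.10(1046) -> 192.168.1.5(445), 3 packets
Feb 22 10:02:00 siteB 12: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 192.168.1.5(2210) -> 192.168.2.10(5900), 1 packet
not an ACL line
"""

# IPACCESSLOGP = TCP/UDP (ports in parentheses), IPACCESSLOGDP = ICMP (type/code).
ACL_RE = re.compile(
    r"(?P<host>\S+) \d+: %SEC-6-IPACCESSLOGD?P: "
    r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)(?:\(\d+\))? -> (?P<dst>[\d.]+)"
    r"(?:\((?P<dport>\d+)\))?.*?, (?P<count>\d+) packets?"
)

def summarize(text):
    """Total packets per (router, ACL, action, protocol, destination port)."""
    totals = Counter()
    for line in text.splitlines():
        m = ACL_RE.search(line)
        if not m:
            continue  # skip anything that is not an ACL log message
        port = int(m["dport"]) if m["dport"] else None  # ICMP has no port
        totals[(m["host"], m["acl"], m["action"], m["proto"], port)] += int(m["count"])
    return totals

def denied_services(totals):
    """Sorted (router, ACL, protocol, port) tuples that hit a deny entry."""
    return sorted((h, a, p, port)
                  for (h, a, act, p, port) in totals if act == "denied")

if __name__ == "__main__":
    totals = summarize(SAMPLE)
    for key in sorted(totals, key=str):
        print(key, totals[key])
    print("denied:", denied_services(totals))
```

In the constructed sample, ICMP is permitted on siteA while TCP 5900 (VNC) and 445 (file shares) hit a deny entry in the same ACL, which is the symptom described in the first post.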
