Cisco 887 VPN

Discussion in 'Cisco' started by taddam, Apr 23, 2012.

  1. taddam

    Hi,

    I'm trying to connect 2 buildings through two Cisco 887 devices using IPSEC GRE tunnels.
    Building 1 subnet: 10.0.0.0/24 (router1) (WAN = static IP)
    Building 2 subnet: 10.1.0.0/24 (router2) (WAN = dynamic IP)
    Tunnel subnet: 10.2.0.0/24

    The tunnel itself is working, and from building one, I can connect to the router in building 2, either through the tunnel IP 10.2.0.2 or the local IP 10.1.0.254, but not other computers in building 2.

    Some hints would be appreciated, it's getting very tedious. Thank you.

    J.

    -----

    ROUTER1

    crypto isakmp policy 1
    encr aes 256
    authentication pre-share
    group 2
    !
    crypto isakmp key XXX address 0.0.0.0 0.0.0.0
    !
    crypto ipsec transform-set aesset esp-aes 256 esp-sha-hmac
    !
    crypto ipsec profile profile1
    set transform-set aesset
    !
    interface Tunnel0
    ip address 10.2.0.1 255.255.255.0
    tunnel source Dialer0
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile profile1
    ip nhrp authentication XXX
    ip nhrp map multicast dynamic
    ip nhrp network-id 1
    tunnel mode gre multipoint
    tunnel key 0
    no ip redirects
    no ip route-cache
    no shutdown
    !
    router rip
    version 2
    passive-interface Dialer0
    no auto-summary
    network 10.1.0.0
    network 10.2.0.0
    !
    interface Vlan1
    ip address 10.0.0.254 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    no shutdown
    no ipv6 address
    no cdp enable
    ip flow ingress
    ip nat inside
    ip access-group 144 in
    ip virtual-reassembly
    ip tcp adjust-mss 1412
    !
    ip nat inside source list acl_nat interface Dialer0 overload
    !
    ip access-list extended acl_nat
    deny ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255
    permit ip 10.0.0.0 0.0.0.255 any
    deny ip any any
    !
    ip route 10.1.0.0 255.255.0.0 Tunnel0
    !

    (router2 is quite identical, on request I can post more)
     
    taddam, Apr 23, 2012
    #1

  2. taddam

    OK, it kinda works now. However, the tunnel takes very long to establish. When rebooting the router, the tunnel goes up after a minute or so, but is not useable. Then after another minute or so, the ISAKMP loses its connection. It keeps oscillating like this for about an hour, after which the tunnel is up and useable. I already tried to disable ACLs and firewalling... Any hints on this one?
     
    taddam, Apr 25, 2012
    #2