Hi,

I'm trying to connect 2 buildings through two Cisco 887 devices using IPSEC GRE tunnels.

Building 1 subnet: 10.0.0.0/24 (router1) (WAN = static IP)
Building 2 subnet: 10.1.0.0/24 (router2) (WAN = dynamic IP)
Tunnel subnet: 10.2.0.0/24

The tunnel itself is working, and from building one, I can connect to the router in building 2, either through the tunnel IP 10.2.0.2 or the local IP 10.1.0.254, but not other computers in building 2.

Some hints would be appreciated, it's getting very tedious.

Thank you.
J.

-----
ROUTER1

crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp key XXX address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set aesset esp-aes 256 esp-sha-hmac
!
crypto ipsec profile profile1
 set transform-set aesset
!
interface Tunnel0
 ip address 10.2.0.1 255.255.255.0
 tunnel source Dialer0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile profile1
 ip nhrp authentication XXX
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel mode gre multipoint
 tunnel key 0
 no ip redirects
 no ip route-cache
 no shutdown
!
router rip
 version 2
 passive-interface Dialer0
 no auto-summary
 network 10.1.0.0
 network 10.2.0.0
!
interface Vlan1
 ip address 10.0.0.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no shutdown
 no ipv6 address
 no cdp enable
 ip flow ingress
 ip nat inside
 ip access-group 144 in
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
ip nat inside source list acl_nat interface Dialer0 overload
!
ip access-list extended acl_nat
 deny ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255
 permit ip 10.0.0.0 0.0.0.255 any
 deny ip any any
!
ip route 10.1.0.0 255.255.0.0 Tunnel0
!

(router2 is quite identical, on request I can post more)

OK, it kinda works now. However, the tunnel takes very long to establish. When rebooting the router, the tunnel goes up after a minute or so, but is not usable. Then after another minute or so, the ISAKMP loses its connection. It keeps oscillating like this for about an hour, after which the tunnel is up and usable. I already tried to disable ACLs and firewalling... Any hints on this one?