HELP PLEASE

Discussion in 'Cisco' started by pornstudsim, Aug 18, 2011.

    I can't connect from LAN to LAN, although I can ping the WAN interfaces from each router. Tunnel 0 is the one that was set up originally; I tried to make it work by adding Tunnel 2, but I couldn't get that to work either. I'm guessing the problem is in the access lists, but I can't find exactly where. In the LAN of router A there's a server which acts as a firewall/proxy/mail server. Router B used to have a private address on its WAN interface, but I had to change it to a public one because the server in the router A LAN seems to have some problem (it doesn't let users from ROUTER B access the internet).

    ROUTER A configuration:


    ! NVRAM config last updated at 11:46:58 gmt-5 Tue Aug 16 2011 by XXXX
    !
    ! Router A global services: IOS 12.3, millisecond timestamps on debug and log output.
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    ! NOTE(review): password obfuscation is switched off, so any password that
    ! supports it is kept in clear text in the configuration. Remove or replace
    ! secrets before sharing a configuration outside the organisation.
    no service password-encryption
    !

    !
    ! Router A base settings: logging, clock, DNS, CEF and switch-module options.
    boot-start-marker
    boot-end-marker
    !
    ! Local log buffer of 4096 bytes at debugging severity; no remote syslog
    ! destination appears in the posted configuration.
    logging buffered 4096 debugging
    !
    clock timezone gmt-5 -5
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ! AAA is not enabled; how management logins are authenticated is not visible
    ! here (no line or username configuration was posted).
    no aaa new-model
    ip subnet-zero
    no ip gratuitous-arps
    !
    !
    ! NOTE(review): no DHCP pool or interface in 10.10.10.0 is shown, so this
    ! exclusion looks like a leftover - confirm.
    ip dhcp excluded-address 10.10.10.1
    !
    !
    ip cef
    no ip domain lookup
    ip domain name yourdomain.com
    ip name-server 200.110.232.2
    ip name-server 200.110.232.3
    ip ips po max-events 100
    no ftp-server write-enable
    !
    !
    !
    !
    ! Spanning tree is disabled on VLAN 2, the VLAN used by access ports
    ! FastEthernet1-3 and interface Vlan2; a cabling loop on those ports would
    ! not be blocked.
    no spanning-tree vlan 2
    !
    !
    !
    ! IKE phase 1 policy. Only the authentication method is set, so encryption,
    ! hash and Diffie-Hellman group fall back to the platform defaults.
    ! NOTE(review): on IOS of this era those defaults are presumably DES / SHA-1 /
    ! group 1 - verify with "show crypto isakmp policy" and set stronger values
    ! explicitly if the image supports them.
    crypto isakmp policy 10
    authentication pre-share
    ! NOTE(review): the pre-shared key is stored in clear text and has been
    ! published with this listing, so it should be treated as compromised and
    ! replaced on both routers. The key is bound to peer address 10.252.0.187
    ! only; Router B's FastEthernet0 lists 200.110.234.212 as primary and
    ! 10.252.0.187 as secondary, so confirm which address Router B actually uses
    ! as its IKE source, otherwise no key will match.
    crypto isakmp key petrotech address 10.252.0.187
    no crypto isakmp ccm
    !
    !
    ! IPsec phase 2 proposal: ESP with single DES and SHA-1 HMAC, transport mode.
    ! NOTE(review): 56-bit DES is obsolete; prefer an AES transform such as
    ! esp-aes where the image supports it, changed on both ends together.
    crypto ipsec transform-set MyTransSet esp-des esp-sha-hmac
    mode transport
    !
    ! Crypto map applied to FastEthernet0. It protects whatever access-list 2699
    ! matches (all GRE) towards the single peer 10.252.0.187.
    ! NOTE(review): Tunnel2's GRE (190.123.1.9 -> 200.110.234.212) also leaves via
    ! FastEthernet0 and also matches list 2699, but its destination is not the
    ! configured peer - check "show crypto isakmp sa" and "show crypto ipsec sa"
    ! to see whether an SA is ever established for it.
    crypto map TUBO 1 ipsec-isakmp
    set peer 10.252.0.187
    set transform-set MyTransSet
    match address 2699
    reverse-route
    qos pre-classify
    !
    !
    !
    ! Tunnel0: the original GRE tunnel, 172.16.16.0/30, between the private
    ! addresses 10.250.132.3 (FastEthernet0.518) and 10.252.0.187 (Router B).
    ! Traffic arriving on it is policy-routed by route-map COCA.
    ! NOTE(review): crypto map TUBO is attached to FastEthernet0, not to
    ! FastEthernet0.518; whether this tunnel's GRE is encrypted depends on which
    ! interface it actually leaves through - confirm.
    interface Tunnel0
    ip address 172.16.16.1 255.255.255.252
    ip tcp adjust-mss 1000
    ip policy route-map COCA
    keepalive 10 3
    tunnel source 10.250.132.3
    tunnel destination 10.252.0.187
    tunnel path-mtu-discovery
    !
    ! Tunnel2: the test tunnel ("prueba"), 172.16.15.0/30, between the public
    ! addresses 190.123.1.9 and 200.110.234.212.
    ! NOTE(review): no static route in the posted configuration points at
    ! Tunnel0 or Tunnel2, so nothing shown here sends LAN traffic into them.
    interface Tunnel2
    description prueba
    ip address 172.16.15.1 255.255.255.252
    ip tcp adjust-mss 1350
    tunnel source 190.123.1.9
    tunnel destination 200.110.234.212
    tunnel path-mtu-discovery
    !
    ! Tunnel10: GRE tunnel, 172.16.10.0/30, towards 10.250.132.2; it carries the
    ! static route for 192.168.1.0/24.
    interface Tunnel10
    ip address 172.16.10.1 255.255.255.252
    keepalive 10 3
    tunnel source 10.250.132.3
    tunnel destination 10.250.132.2
    tunnel path-mtu-discovery
    !
    ! FastEthernet0: public WAN interface (190.123.1.9/26) with crypto map TUBO.
    ! NOTE(review): the global NAT statements name this interface, but neither
    ! "ip nat outside" here nor "ip nat inside" on any other interface appears in
    ! the posted Router A configuration, so NAT looks inactive as shown - confirm.
    interface FastEthernet0
    ip address 190.123.1.9 255.255.255.192
    ip virtual-reassembly
    ip tcp adjust-mss 1000
    load-interval 30
    duplex auto
    speed auto
    no cdp enable
    crypto map TUBO
    !
    ! FastEthernet0.518: 802.1Q subinterface (VLAN 518) on 10.250.132.0/24, the
    ! source of Tunnel0 and Tunnel10. Inbound traffic is policy-routed by
    ! route-map INTERNET. No crypto map is attached here.
    interface FastEthernet0.518
    bandwidth 2048
    encapsulation dot1Q 518
    ip address 10.250.132.3 255.255.255.0
    ip policy route-map INTERNET
    no cdp enable
    !
    ! Switch ports: FastEthernet1-3 are access ports in VLAN 2 (LAN) and
    ! FastEthernet4 is in VLAN 3 (server segment). CDP is off and portfast is on
    ! for all four.
    interface FastEthernet1
    switchport access vlan 2
    no cdp enable
    spanning-tree portfast
    !
    interface FastEthernet2
    switchport access vlan 2
    no cdp enable
    spanning-tree portfast
    !
    interface FastEthernet3
    switchport access vlan 2
    no cdp enable
    spanning-tree portfast
    !
    interface FastEthernet4
    switchport access vlan 3
    no cdp enable
    spanning-tree portfast
    !
    ! Vlan1 is unused and shut down.
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    no ip address
    ip tcp adjust-mss 1452
    shutdown
    !
    ! Vlan2: LAN gateway, 192.168.0.1/24 with 192.168.0.253 as secondary.
    ! Traffic entering from the LAN is policy-routed by route-map UIO.
    ! NOTE(review): "arp timeout 1" expires ARP entries after one second, which
    ! is unusually aggressive - confirm it is intentional.
    interface Vlan2
    ip address 192.168.0.253 255.255.255.0 secondary
    ip address 192.168.0.1 255.255.255.0
    ip virtual-reassembly
    ip tcp adjust-mss 1000
    ip policy route-map UIO
    arp timeout 1
    !
    ! Vlan3: server segment ("servidor") on the public block 190.123.0.0/29.
    ! No inbound or outbound access list is applied to it in the posted config.
    interface Vlan3
    description servidor
    ip address 190.123.0.1 255.255.255.248
    !
    interface Async1
    no ip address
    !
    ! EIGRP AS 27868 on 10.250.132.0/24 and 192.168.0.0; static routes are
    ! redistributed into it.
    router eigrp 27868
    redistribute static
    network 10.250.132.0 0.0.0.255
    network 192.168.0.0
    no auto-summary
    !
    ip classless
    ! Static routes. Default route goes to 190.123.1.1 on the public side.
    ip route 0.0.0.0 0.0.0.0 190.123.1.1
    ip route 192.168.1.0 255.255.255.0 Tunnel10
    ! NOTE(review): the route to Router B's LAN (192.168.2.0/24) points at
    ! Tunnel1, but the posted configuration defines only Tunnel0, Tunnel2 and
    ! Tunnel10. A route through an interface that does not exist is not usable,
    ! so traffic for 192.168.2.0/24 would follow the default route instead of a
    ! tunnel. This is a likely cause of the LAN-to-LAN failure - confirm with
    ! "show ip route 192.168.2.0".
    ip route 192.168.2.0 255.255.255.0 Tunnel1
    ip route 200.110.232.248 255.255.255.248 10.250.132.1
    ! Web management: both HTTP and HTTPS servers are enabled, restricted by
    ! access-list 23 (10.10.10.0/29) and authenticated against local users.
    ! NOTE(review): the clear-text HTTP server exposes credentials on the wire;
    ! "no ip http server" leaves only HTTPS, as Router B already does.
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    !
    ! PAT (overload) to FastEthernet0 for sources matching list 77 and list NAT.
    ! NOTE(review): no interface in the posted Router A configuration carries
    ! "ip nat inside" or "ip nat outside", so these rules look inert - confirm.
    ip nat inside source list 77 interface FastEthernet0 overload
    ip nat inside source list NAT interface FastEthernet0 overload
    !
    !
    !
    ! INTERNET: used by route-map INTERNET; excludes host 192.168.0.243 (logged)
    ! and matches every other source.
    ip access-list standard INTERNET
    deny 192.168.0.243 log
    permit any
    ! NAT: matches the whole 192.168.0.0/16 range, which includes the remote
    ! LANs 192.168.1.0/24 and 192.168.2.0/24 as well as the local LAN.
    ip access-list standard NAT
    permit 192.168.0.0 0.0.255.255
    ! 23: source filter for the HTTP/HTTPS management server.
    access-list 23 permit 10.10.10.0 0.0.0.7
    ! 77: Router B's LAN, referenced by the first NAT rule.
    access-list 77 permit 192.168.2.0 0.0.0.255
    ! NOTE(review): lists 100, 101 and 102 are not referenced by any interface,
    ! route-map, NAT rule or crypto map in the posted configuration. In list 101
    ! the "permit ... any" line comes first, so the deny line below it can never
    ! match; if the list is ever put to use the two lines need to be swapped.
    access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
    access-list 101 permit ip 192.168.0.0 0.0.0.255 any
    access-list 101 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
    access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
    access-list 102 permit ip 192.168.1.0 0.0.0.255 any
    ! 2697 (route-map UIO) and 2698 (route-map COCA): the deny lines exempt
    ! traffic destined to 192.168.0.0/16 from policy routing, so site-to-site
    ! traffic follows the ordinary routing table; everything else from the
    ! matching source LAN is policy-routed.
    access-list 2697 deny ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.255.255
    access-list 2697 permit ip 192.168.0.0 0.0.0.255 any
    access-list 2698 deny ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.255.255
    access-list 2698 permit ip 192.168.2.0 0.0.0.255 any
    ! 2699: crypto access list for crypto map TUBO. It selects all GRE between
    ! any addresses rather than GRE between the two tunnel endpoints only.
    access-list 2699 permit gre any any

    !
    ! Policy routing. All three active route-maps send matching traffic to
    ! next hop 192.168.0.99.
    ! NOTE(review): 192.168.0.99 is presumably the firewall/proxy server the
    ! post describes on Router A's LAN - confirm.
    ! COCA (applied inbound on Tunnel0): Router B LAN traffic not destined to
    ! 192.168.0.0/16 goes to 192.168.0.99; sequence 20 lets the rest route
    ! normally.
    route-map COCA permit 10
    match ip address 2698
    set ip next-hop 192.168.0.99
    !
    route-map COCA permit 20
    !
    ! INTERNET (applied on FastEthernet0.518): every source except
    ! 192.168.0.243 goes to 192.168.0.99.
    route-map INTERNET permit 10
    match ip address INTERNET
    set ip next-hop 192.168.0.99
    !
    ! C: empty route-map, not referenced anywhere in the posted configuration.
    route-map C permit 10
    !
    ! UIO (applied on Vlan2): local LAN traffic not destined to 192.168.0.0/16
    ! goes to 192.168.0.99.
    route-map UIO permit 10
    match ip address 2697
    set ip next-hop 192.168.0.99
    !
    !
    control-plane
    !
    !
    !
    ! Time source: a single NTP server, with no NTP authentication configured in
    ! the posted lines.
    ntp clock-period 17179981
    ntp server 200.110.232.254
    end


    ROUTER B CONFIGURATION:
    !
    ! Router B base settings: clock, DHCP service for the LAN, DNS and CEF.
    boot-start-marker
    boot-end-marker
    !
    !
    clock timezone gmt-5 -5
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ! AAA is not enabled; how management logins are authenticated is not visible
    ! here (no line or username configuration was posted).
    no aaa new-model
    ip subnet-zero
    !
    !
    ! DHCP for 192.168.2.0/24: addresses .1 to .109 are reserved, the rest are
    ! leased with this router as gateway and 8.8.8.8 as resolver.
    ip dhcp excluded-address 192.168.2.1 192.168.2.109
    !
    ip dhcp pool RANGO
    network 192.168.2.0 255.255.255.0
    default-router 192.168.2.1
    dns-server 8.8.8.8
    !
    !
    ip cef
    ip name-server 8.8.8.8
    ip name-server 8.8.4.4
    ip name-server 200.110.232.2
    ip name-server 200.110.232.3
    ip ips po max-events 100
    no ftp-server write-enable
    !
    !
    !

    !
    !
    ! QoS: class "panama" matches the eDonkey protocol and policy "shape" limits
    ! it to a 64000 bit/s peak rate.
    ! NOTE(review): no "service-policy" line attaches this policy to an
    ! interface in the posted configuration, so it appears to have no effect.
    class-map match-all panama
    match protocol edonkey
    !
    !
    policy-map shape
    class panama
    shape peak 64000
    !
    !
    !
    ! IKE phase 1 policy. Only the authentication method is set, so encryption,
    ! hash and Diffie-Hellman group fall back to the platform defaults.
    ! NOTE(review): presumably DES / SHA-1 / group 1 on IOS of this era - verify
    ! with "show crypto isakmp policy" and keep both routers identical.
    crypto isakmp policy 10
    authentication pre-share
    ! NOTE(review): the pre-shared key is stored in clear text and has been
    ! published with this listing, so it should be treated as compromised and
    ! replaced on both routers. Here the key is bound to 190.123.1.9, while
    ! Router A binds its copy to 10.252.0.187; each side must see the other
    ! arrive from exactly the address its key is bound to.
    crypto isakmp key petrotech address 190.123.1.9
    no crypto isakmp ccm
    !
    !
    ! IPsec phase 2 proposal: ESP with single DES and SHA-1 HMAC, transport mode.
    ! NOTE(review): 56-bit DES is obsolete; prefer an AES transform such as
    ! esp-aes where the image supports it, changed on both ends together.
    crypto ipsec transform-set MyTransSet esp-des esp-sha-hmac
    mode transport
    !
    ! Crypto map applied to FastEthernet0: protects all GRE (access-list 2699)
    ! towards peer 190.123.1.9.
    ! NOTE(review): Tunnel0's GRE is addressed to 10.250.132.3, not to the
    ! configured peer 190.123.1.9, yet it also matches list 2699 - check
    ! "show crypto ipsec sa" to see how that traffic is being handled.
    crypto map TUBO 1 ipsec-isakmp
    set peer 190.123.1.9
    set transform-set MyTransSet
    match address 2699
    reverse-route
    qos pre-classify
    !
    !
    !
    ! Tunnel0: the original GRE tunnel, 172.16.16.0/30, between the private
    ! addresses 10.252.0.187 (secondary on FastEthernet0) and 10.250.132.3.
    ! Router A runs GRE keepalives on its end; none are configured here.
    interface Tunnel0
    ip address 172.16.16.2 255.255.255.252
    ip tcp adjust-mss 1350
    tunnel source 10.252.0.187
    tunnel destination 10.250.132.3
    tunnel path-mtu-discovery
    !
    ! Tunnel2: the test tunnel ("prueba"), 172.16.15.0/30, between the public
    ! addresses 200.110.234.212 and 190.123.1.9.
    ! NOTE(review): no static route in the posted configuration points at
    ! Tunnel0 or Tunnel2, so nothing shown here sends LAN traffic into them.
    interface Tunnel2
    description prueba
    ip address 172.16.15.2 255.255.255.252
    ip tcp adjust-mss 1350
    tunnel source 200.110.234.212
    tunnel destination 190.123.1.9
    tunnel path-mtu-discovery
    !
    ! FastEthernet0: WAN interface and NAT outside. Primary address is the
    ! public 200.110.234.212/29; the earlier private address 10.252.0.187/24 is
    ! kept as secondary. Crypto map TUBO is attached here.
    ! NOTE(review): no inbound access list is applied to this internet-facing
    ! interface in the posted configuration.
    interface FastEthernet0
    ip address 10.252.0.187 255.255.255.0 secondary
    ip address 200.110.234.212 255.255.255.248
    ip nat outside
    ip virtual-reassembly
    ip tcp adjust-mss 1000
    load-interval 30
    duplex auto
    speed auto
    crypto map TUBO
    !
    ! Switch ports: FastEthernet1-4 are access ports in VLAN 2 with portfast.
    interface FastEthernet1
    switchport access vlan 2
    spanning-tree portfast
    !
    interface FastEthernet2
    switchport access vlan 2
    spanning-tree portfast
    !
    interface FastEthernet3
    switchport access vlan 2
    spanning-tree portfast
    !
    interface FastEthernet4
    switchport access vlan 2
    spanning-tree portfast
    !
    ! Vlan1 is unused and shut down.
    interface Vlan1
    no ip address
    shutdown
    !
    ! Vlan2: LAN gateway 192.168.2.1/24 and NAT inside.
    interface Vlan2
    ip address 192.168.2.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    interface Async1
    no ip address
    !
    ! Static routing, management and NAT for Router B.
    ip classless
    ip route 0.0.0.0 0.0.0.0 200.110.234.209
    ! Host route: Router A's public address is reached through 10.252.0.1 on the
    ! private (secondary) subnet rather than through the public default gateway,
    ! so Tunnel2 and IKE packets to 190.123.1.9 take that path.
    ip route 190.123.1.9 255.255.255.255 10.252.0.1
    ! NOTE(review): the route to Router A's LAN (192.168.0.0/24) points at
    ! Tunnel1, but the posted configuration defines only Tunnel0 and Tunnel2. A
    ! route through an interface that does not exist is not usable, so traffic
    ! for 192.168.0.0/24 would follow the default route instead of a tunnel.
    ! This is a likely cause of the LAN-to-LAN failure - confirm with
    ! "show ip route 192.168.0.0".
    ip route 192.168.0.0 255.255.255.0 Tunnel1
    ! Two static routes for the same prefix 200.110.232.248/29 with different
    ! next hops.
    ip route 200.110.232.248 255.255.255.248 10.252.0.1
    ip route 200.110.232.248 255.255.255.248 200.110.234.209
    ip route 200.110.233.9 255.255.255.255 10.252.0.1
    ! Both web management servers are disabled on this router.
    no ip http server
    no ip http secure-server
    !
    ! PAT (overload) to FastEthernet0 for the LAN sources in access-list 2.
    ip nat inside source list 2 interface FastEthernet0 overload
    !
    !
    ! 2: NAT source list, the local LAN 192.168.2.0/24.
    access-list 2 permit 192.168.2.0 0.0.0.255
    ! 2699: crypto access list for crypto map TUBO. It selects all GRE between
    ! any addresses rather than GRE between the two tunnel endpoints only.
    access-list 2699 permit gre any any
    !
    !
    control-plane
    !
    !
    !
    ! Time sources: two NTP servers, with no NTP authentication configured in
    ! the posted lines.
    ntp clock-period 17179972
    ntp server 10.250.0.1
    ntp server 200.110.232.254
    end
     