vpn between cisco837

Discussion in 'Cisco' started by duncan, Oct 28, 2003.

  1. duncan

    duncan Guest

    I have 2 CISCO837 routers and I would like to establish a VPN tunnel between them.

    With this conf the VPN tunnel is on but the datagrams do not cross the tunnel.

    The ping between the routers' Ethernet interfaces doesn't work.

    PUNTOA and PUNTOB are the routers' public IPs
    192.168.1.0 and 192.168.2.0 are the 2 LANs
    192.168.1.122 ethernet routerA
    192.168.2.104 ethernet routerB


    Can you help me??? PLEASE!!!

    PS: sorry for my English...!!!


    router A

    no ip subnet-zero
    !
    no ip bootp server
    ip audit notify log
    ip audit po max-events 100
    !
    crypto isakmp policy 1
    hash md5
    authentication pre-share
    crypto isakmp key xxx address PUNTOB
    !
    !
    crypto ipsec transform-set criptaggiotortoreto esp-des esp-md5-hmac
    !
    crypto map tunnelperchieti 1 ipsec-isakmp
    set peer PUNTOB
    set transform-set criptaggiotortoreto
    match address 100
    !
    partition flash 2 6 2
    !
    !
    !
    !
    interface Ethernet0
    description CRWS Generated text. Please do not delete this:192.168.1.122-255.255.255.0
    ip address 192.168.1.122 255.255.255.0
    ip nat inside
    no ip route-cache
    no ip mroute-cache
    hold-queue 100 out
    !
    interface ATM0
    no ip address
    no ip route-cache
    no ip mroute-cache
    atm vc-per-vp 64
    no atm ilmi-keepalive
    dsl operating-mode auto
    dsl power-cutback 0
    !
    interface ATM0.1 point-to-point
    ip address PUNTOA 255.255.255.0
    ip mtu 1200
    ip nat outside
    no ip route-cache
    no ip mroute-cache
    pvc 8/35
    encapsulation aal5snap
    !
    crypto map tunnelperchieti
    !
    ip nat inside source route-map nonat interface ATM0.1 overload
    ip nat inside source static tcp 192.168.1.1 3389 interface ATM0.1 3389
    ip classless
    ip route 0.0.0.0 0.0.0.0 ATM0.1
    ip http server
    !
    !
    access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
    access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 102 permit ip 192.168.1.0 0.0.0.255 any
    route-map nonat permit 1
    match ip address 102
    !
    !
    line con 0
    exec-timeout 120 0
    no modem enable
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    exec-timeout 0 0
    login local
    !
    scheduler max-task-time 5000
    end



    ROUTER B

    no ip subnet-zero
    !
    no ip bootp server
    ip audit notify log
    ip audit po max-events 100
    !
    crypto isakmp policy 1
    hash md5
    authentication pre-share
    crypto isakmp key xxx address PUNTOA
    !
    !
    crypto ipsec transform-set criptaggiotortoreto esp-des esp-md5-hmac
    !
    crypto map tunnelperchieti 1 ipsec-isakmp
    set peer PUNTOA
    set transform-set criptaggiotortoreto
    match address 100
    !
    partition flash 2 6 2
    !
    !
    !
    !
    interface Ethernet0
    description CRWS Generated text. Please do not delete this:192.168.2.104-255.255.255.0
    ip address 192.168.2.104 255.255.255.0
    ip nat inside
    no ip route-cache
    no ip mroute-cache
    hold-queue 100 out
    !
    interface ATM0
    no ip address
    no ip route-cache
    no ip mroute-cache
    atm vc-per-vp 64
    no atm ilmi-keepalive
    dsl operating-mode auto
    dsl power-cutback 0
    !
    interface ATM0.1 point-to-point
    ip address PUNTOB 255.255.255.0
    ip mtu 1200
    ip nat outside
    no ip route-cache
    no ip mroute-cache
    pvc 8/35
    encapsulation aal5snap
    !
    crypto map tunnelperchieti
    !
    ip nat inside source route-map nonat interface ATM0.1 overload
    ip nat inside source static tcp 192.168.2.1 3389 interface ATM0.1 3389
    ip classless
    ip route 0.0.0.0 0.0.0.0 ATM0.1
    ip http server
    !
    !
    access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
    access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 102 permit ip 192.168.2.0 0.0.0.255 any
    access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
    route-map nonat permit 1
    match ip address 102
    !
    !
    line con 0
    exec-timeout 120 0
    no modem enable
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    exec-timeout 120 0
    login local
    length 0
    !
    scheduler max-task-time 5000
    end
     
    duncan, Oct 28, 2003
    #1
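
Added example (not part of the original posts): the script below takes the `access-list` lines from the two configs above and traces a LAN-to-LAN packet through them. It relies on two IOS behaviours, first-match ACL evaluation and inside-source NAT being applied before the crypto map check; `outbound_path` and the `203.0.113.1` stand-in for PUNTOA/PUNTOB are names constructed for this example.

```python
import ipaddress
import re

# access-list lines copied from the posted configs (wrapped lines rejoined)
ROUTER_A = """
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
"""
ROUTER_B = """
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
"""

def _net(tok):
    """Pop 'any' or 'address wildcard' off the token list."""
    if tok[0] == "any":
        tok.pop(0)
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{tok.pop(0)}/{tok.pop(0)}")  # hostmask form

def parse_acls(config):
    """Return {number: [(action, src_net, dst_net), ...]} in config order."""
    acls = {}
    for m in re.finditer(r"^access-list (\d+) (permit|deny) ip (.+)$", config, re.M):
        tok = m.group(3).split()
        src, dst = _net(tok), _net(tok)
        acls.setdefault(int(m.group(1)), []).append((m.group(2), src, dst))
    return acls

def first_match(acl, src, dst):
    """IOS ACL semantics: first matching entry wins, implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def outbound_path(config, src, dst, public_ip="203.0.113.1"):
    """NAT first (route-map nonat -> ACL 102), then the crypto ACL (100)."""
    acls = parse_acls(config)
    natted = first_match(acls[102], src, dst) == "permit"
    seen_src = public_ip if natted else src  # overload rewrites the source (placeholder IP)
    encrypted = first_match(acls[100], seen_src, dst) == "permit"
    return {"natted": natted, "encrypted": encrypted}
```

With router A's lines, `outbound_path(ROUTER_A, "192.168.1.10", "192.168.2.10")` reports the packet as not translated and matched by ACL 100. With router B's lines, the mirrored call hits `permit ... any` in ACL 102 first, so the packet is translated and no longer matches ACL 100.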

  2. duncan

    Kevin Su Guest

    You have not applied the crypto map to the correct interface, how can
    you see the tunnel is up?
     
    Kevin Su, Oct 29, 2003
    #2

  3. duncan

    duncan Guest


    If I type SHOW CRYPTO ISAKMP SA
    the output is:
    dst src state conn-id slot
    PUNTOB PUNTOA QM_IDLE 1 0



    And if I type SHOW CRYPTO IPSEC SA
    the output is:
    Crypto map tag: tunnelperchieti, local addr. PUNTOA

    local ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
    remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
    current_peer: PUNTOB:500
     
    duncan, Oct 29, 2003
    #3
  4. Ravikumar Eswaran, Oct 30, 2003
    #4
