robineq
join:2009-04-20 Arlington, VA
reply to robineq
Re: VPN - no ping
Yes, the VPN is established, but adding this to the access-list doesn't solve the problem.
g3neration
join:2005-11-04 Brooklyn, NY
reply to robineq
If the VPN is established, then right now it would seem like it's just the traffic that is permitted. So on the 861, I would also allow traffic by doing:
access-list 101 permit ip 192.168.5.0 0.0.0.255 192.168.2.0 0.0.0.255
robineq
join:2009-04-20 Arlington, VA
reply to robineq
Hi!
I have two VPNs on the Cisco 861. Yes, I want one network permitted between 192.168.2.0 and 192.168.5.0 and vice versa... The VPNs are connecting. I can ping my address 79.xxx.xxx.xxx from the Netgear, but not the local 192.168.2.0; also, I can't ping the address 95.xxx.xxx.xxx from the Cisco...
g3neration
join:2005-11-04 Brooklyn, NY
reply to robineq
Your interesting traffic that should be going to the Netgear is defined by:
crypto map SDM_CMAP_1 2 ipsec-isakmp
Interesting traffic is being matched against access list 101. Access list 101 only has one network permitted, which is 192.168.2.0 to 192.168.5.0. Are those the two networks you want? You might also want to allow traffic from 192.168.5.0 to 192.168.2.0.
robineq
join:2009-04-20 Arlington, VA
Hi!
I have a problem with a VPN between 79.xxx (Cisco 861) and 95.xxx (Netgear FVS318): the connection is set up, but there is no ping to the local network.
Please help, or any suggestions.

CISCO 861:
Building configuration...

Current configuration : 7982 bytes
!
version 12.4
username xxx privilege 15 secret 5 $1$2jm/$McHxNl6f/uhr55FK1Bx2o/
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
!
crypto isakmp key 1xxxxxxxxxxxxxx address 212.xxx.102.xxx
crypto isakmp key ixxxxxxxxxxxxxx address 95.xxx.xxx.xxx
!
!
crypto ipsec transform-set gre esp-3des esp-sha-hmac
crypto ipsec transform-set serwis esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to 212.xxx.100.xxx
 set peer 212.xxx.102.xxx
 set transform-set gre
 set pfs group2
 match address 112
!
crypto map SDM_CMAP_1 2 ipsec-isakmp
 description Tunnel to 95.xxx.xxx.xxx
 set peer 95.xxx.xxx.xxx
 set transform-set serwis
 set pfs group2
 match address 101
!
interface Tunnel0
 ip address 192.168.1.1 255.255.255.252
 tunnel source FastEthernet4
 tunnel destination 212.xxx.100.xxx
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 ip address 79.xxx.xxx.xxx 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.2.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 crypto map SDM_CMAP_1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 79.xxx.xxx.xxx 15
ip route 79.xxx.xxx.xxx 255.255.255.248 FastEthernet4
ip route 192.168.2.0 255.255.255.0 Vlan1
ip route 192.168.2.0 255.255.255.0 Tunnel0
ip route 192.168.3.0 255.255.255.0 192.168.1.2
ip route 192.168.4.0 255.255.255.0 192.168.1.2
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 permit gre host 79.xxx.xxx.xxx host 212.xxx.100.xxx
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 112 remark CCP_ACL Category=4
access-list 112 permit ip host 79.xxx.xxx.xxx host 212.xxx.100.xxx
access-list 112 permit icmp host 79.xxx.xxx.xxx host 212.xxx.100.xxx
access-list 112 permit icmp host 79.xxx.xxx.xxx host 192.168.4.0
access-list 112 permit icmp host 79.xxx.xxx.xxx host 192.168.3.0
access-list 112 permit ip host 79.xxx.xxx.xxx host 192.168.3.0
access-list 112 permit ip host 79.xxx.xxx.xxx host 192.168.4.0
no cdp run
!
route-map SDM_RMAP_1 permit 1
 match ip address 100
!
route-map SDM_RMAP_1 permit 2
 match ip address 101
!

NETGEAR FVS318 logs:
[2009-04-20 06:43:38]**** AGGRESSIVE MODE COMPLETED ****
[2009-04-20 06:43:38][==== IKE PHASE 2(to 79.xxx.xxx.xxx) START (initiator) ====]
[2009-04-20 06:43:39]**** SENT OUT FIRST MESSAGE OF QUICK MODE ****
[2009-04-20 06:43:39]Initiator IPADDR=192.168.5.0,PORT=0
[2009-04-20 06:43:39]Responder IPADDR=192.168.2.0,PORT=0
[2009-04-20 06:43:39]**** RECEIVED SECOND MESSAGE OF QUICK MODE ****
[2009-04-20 06:43:39] PAYLOADS: HASH,SA,PROP,TRANS,NONCE,KE,ID,ID
[2009-04-20 06:43:39] PAYLOADS: HASH
[2009-04-20 06:43:39]**** SENT OUT THIRD MESSAGE OF QUICK MODE ****
[2009-04-20 06:43:41]**** QUICK MODE COMPLETED ****
[2009-04-20 06:43:41][==== IKE PHASE 2 ESTABLISHED====]
[2009-04-20 07:42:33][==== IKE PHASE 2(from 79.xxx.xxx.xxx) START (responder) ====]
[2009-04-20 07:42:33]**** RECEIVED FIRST MESSAGE OF QUICK MODE ****
[2009-04-20 07:42:33] PAYLOADS: HASH,SA,PROP,TRANS,NONCE,KE,ID,ID
[2009-04-20 07:42:33]**** FOUND IDs,EXTRACT ID INFO ****
[2009-04-20 07:42:33]Initiator IPADDR=192.168.2.0 MASK=255.255.255.0
[2009-04-20 07:42:33]Responder IPADDR=192.168.5.0 MASK=255.255.255.0
[2009-04-20 07:42:34]**** SENT OUT SECOND MESSAGE OF QUICK MODE ****
[2009-04-20 07:42:34]**** RECEIVED THIRD MESSAGE OF QUICK MODE ****
[2009-04-20 07:42:34] PAYLOADS: HASH
[2009-04-20 07:42:36]**** QUICK MODE COMPLETED ****
[2009-04-20 07:42:36][==== IKE PHASE 2 ESTABLISHED====]
[2009-04-20 07:42:42]DISCARDING RETRANSMITTED PACKET...
[2009-04-20 07:42:46]DISCARDING RETRANSMITTED PACKET...
[2009-04-20 07:42:52]DISCARDING RETRANSMITTED PACKET...
[2009-04-20 07:43:26]**** RECEIVED INFORMATIONAL EXCHANGE MESSAGE ****
[2009-04-20 07:43:45] PAYLOADS: HASH,DEL
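Editor's note, added example (not from any poster in this thread and not Cisco's or Netgear's code). Besides the crypto ACL direction discussed above, one thing worth checking in the posted 861 config is the interaction between NAT and the crypto map: on IOS, inside-to-outside NAT runs before the crypto map is consulted, and the posted route-map SDM_RMAP_1 feeds the NAT overload with clause 1 matching ACL 100 (which permits 192.168.2.0/24 to any) and clause 2 matching the crypto ACL 101 itself. Traffic from 192.168.2.0/24 to 192.168.5.0/24 that gets translated to the FastEthernet4 address no longer matches ACL 101 and never enters the tunnel. The script below is a small checker for that class of mistake; it runs against a constructed excerpt of the posted config in which the masked public octets are replaced with RFC 5737 placeholder addresses (assumed, not the poster's real addresses), then against the same excerpt with a NAT exemption (a deny ahead of the overload permit, and the second route-map clause removed). Only numbered ACLs and route-map-based NAT are handled.

```python
"""Find crypto-map traffic that a Cisco IOS NAT route-map would translate before encryption.

IOS applies inside-to-outside NAT before the crypto map check, so a crypto ACL entry that
the NAT ACL also permits leaves the router translated and no longer matches the tunnel.
Handles numbered ACLs and 'ip nat inside source route-map ...' only.
"""
from collections import defaultdict
from ipaddress import IPv4Network

ANY = IPv4Network("0.0.0.0/0")

# Constructed excerpt of the posted 861 config. Placeholder (assumed) addresses:
# 203.0.113.2 = Cisco WAN, 198.51.100.10 = GRE peer, 192.0.2.5 = Netgear.
CONFIG_POSTED = """\
crypto map SDM_CMAP_1 1 ipsec-isakmp
 set peer 198.51.100.10
 match address 112
crypto map SDM_CMAP_1 2 ipsec-isakmp
 set peer 192.0.2.5
 match address 101
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
access-list 100 permit gre host 203.0.113.2 host 198.51.100.10
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 112 permit ip host 203.0.113.2 host 198.51.100.10
route-map SDM_RMAP_1 permit 1
 match ip address 100
route-map SDM_RMAP_1 permit 2
 match ip address 101
"""

# Same excerpt with the VPN traffic exempted from NAT: a deny ahead of the overload
# permit, and the route-map clause that re-used the crypto ACL removed.
CONFIG_FIXED = CONFIG_POSTED.replace(
    "access-list 100 permit ip 192.168.2.0 0.0.0.255 any",
    "access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255\n"
    "access-list 100 permit ip 192.168.2.0 0.0.0.255 any",
).replace("route-map SDM_RMAP_1 permit 2\n match ip address 101\n", "")


def _addr(tok):
    """Consume one ACL address spec (any | host A | A WILDCARD | A); return (network, rest)."""
    if tok[0] == "any":
        return ANY, tok[1:]
    if tok[0] == "host":
        return IPv4Network(tok[1] + "/32"), tok[2:]
    if len(tok) > 1 and tok[1].count(".") == 3:  # wildcard mask; ipaddress accepts hostmasks
        return IPv4Network(tok[0] + "/" + tok[1]), tok[2:]
    return IPv4Network(tok[0] + "/32"), tok[1:]


def parse(config):
    """Return (acls, crypto_entries, route_maps, nat_route_map_name)."""
    acls, crypto, rmaps, nat_rm, ctx = defaultdict(list), [], defaultdict(list), None, None
    for raw in config.splitlines():
        t = raw.split()
        if not t or t[0] == "!":
            continue
        if not raw.startswith(" "):
            ctx = None  # a top-level line ends the previous crypto-map / route-map block
        if t[0] == "access-list" and t[2] in ("permit", "deny"):
            num, rest = t[1], t[3:]
            if 100 <= int(num) <= 199 or 2000 <= int(num) <= 2699:  # extended: proto src dst
                proto, rest = rest[0], rest[1:]
                src, rest = _addr(rest)
                dst, rest = _addr(rest)
            else:  # standard ACL: source only
                proto, dst = "ip", ANY
                src, rest = _addr(rest)
            acls[num].append((t[2], proto, src, dst, raw.strip()))
        elif t[:2] == ["crypto", "map"] and "ipsec-isakmp" in t:
            ctx = ("crypto", t[2], int(t[3]))
        elif t[0] == "route-map" and len(t) >= 4:
            ctx = ("rm", t[1], t[2], int(t[3]))
        elif t[:4] == ["ip", "nat", "inside", "source"] and "route-map" in t:
            nat_rm = t[t.index("route-map") + 1]
        elif t[:2] == ["match", "address"] and ctx and ctx[0] == "crypto":
            crypto.append((ctx[1], ctx[2], t[2]))
        elif t[:3] == ["match", "ip", "address"] and ctx and ctx[0] == "rm":
            rmaps[ctx[1]].append((ctx[2], ctx[3], t[3:]))
    return acls, crypto, rmaps, nat_rm


def acl_verdict(acl, proto, src, dst):
    """Action of the first ACE that can see this flow (first-overlap), or None (implicit deny)."""
    for action, aproto, asrc, adst, _ in acl:
        if aproto in ("ip", proto) and src.overlaps(asrc) and dst.overlaps(adst):
            return action
    return None


def nat_before_crypto(config):
    """List crypto ACL permits that a NAT route-map permit clause would translate first."""
    acls, crypto, rmaps, nat_rm = parse(config)
    findings = []
    for cmap, cseq, cacl in crypto:
        for action, proto, src, dst, text in acls[cacl]:
            if action != "permit":
                continue
            for rm_action, seq, nums in rmaps[nat_rm]:
                hit = next((n for n in nums if acl_verdict(acls[n], proto, src, dst) == "permit"), None)
                if hit is None:
                    continue  # this clause does not match the flow; try the next clause
                if rm_action == "permit":
                    findings.append({"crypto_map": cmap, "crypto_seq": cseq, "crypto_acl": cacl,
                                     "crypto_ace": text, "nat_seq": seq, "nat_acl": hit})
                break  # the first matching clause decides, whether permit (NAT) or deny (exempt)
    return findings


if __name__ == "__main__":
    for f in nat_before_crypto(CONFIG_POSTED):
        print(f"crypto ACL {f['crypto_acl']} '{f['crypto_ace']}' is translated first by "
              f"route-map clause {f['nat_seq']} via ACL {f['nat_acl']}")
    print("findings after NAT exemption:", nat_before_crypto(CONFIG_FIXED))
```

On the posted excerpt the checker reports ACL 101's entry as translated by route-map clause 1 through ACL 100; after the exemption it reports nothing. The matching is first-overlap rather than exact containment, so a deny that covers only part of a crypto range still counts as an exemption and should be reviewed by hand. `show ip nat translations` on the router and the translation counters are the equivalent live check.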