dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
share rss forum feed

aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to Lea Massiot

Re: VPN between two Cisco 887VA devices

If I had to guess, it might be a split tunneling issue.

Lea Massiot

join:2012-09-03
Ok, well I'm sorry: I got confused.
(So maybe we can forget about my previous problem and split tunneling for now :)). Again I'm sorry.

As I was confused, I reconfigured "Router 1" and "Router 2" step by step with a lot of care.
Now, here is what is functioning and what is not:
- "Router 2" and "PC 2" can access the Internet properly,
- I think the ISAKMP/IPSEC tunnel is set between "Router 1" and "Router 2" but there are some important issues:

Situation 1: I ping 192.168.1.2 ("PC 1") from 192.168.0.2 ("PC 2"):
1) "192.168.1.2" replies to the ping request,
2) with the "show crypto ipsec sa" command I can see that:
on "Router 1":
#pkts encaps, #pkts encrypt and #pkts digest increase from 106 to 107
#pkts decaps, #pkts decrypt and #pkts verify increase from 58 to 59
on "Router 2":
#pkts encaps, #pkts encrypt and #pkts digest increase from 58 to 59
#pkts decaps, #pkts decrypt and #pkts verify increase from 106 to 107


Situation 2: I try to access \\192.168.1.2 ("PC 1") from 192.168.0.2 ("PC 2")
1) It doesn't work: "Windows cannot access \\192.168.1.2" (Windows 7) and the message appears very quickly.
2) with the "show crypto ipsec sa" command I can see that:
on "Router 1":
#pkts encaps, #pkts encrypt and #pkts digest increase from 107 to 114
#pkts decaps, #pkts decrypt and #pkts verify increase from 59 to 68
on "Router 2":
#pkts encaps, #pkts encrypt and #pkts digest increase from 59 to 68
#pkts decaps, #pkts decrypt and #pkts verify increase from 107 to 114


Situation 3: I try to access \\192.168.0.2 ("PC 2") from 192.168.1.2 ("PC 1")
1) It doesn't work: "\\192.168.0.2 The network path wasn't found" (Windows XP) and the message takes one minute to appear.
2) with the "show crypto ipsec sa" command I can see that:
on "Router 1":
#pkts encaps, #pkts encrypt and #pkts digest increase from 114 to 128
#pkts decaps, #pkts decrypt and #pkts verify do not change (68)
on "Router 2":
#pkts encaps, #pkts encrypt and #pkts digest do not change (68)
#pkts decaps, #pkts decrypt and #pkts verify increase from 114 to 128


In example 1, it looks like the tunnel is working, don't you think?
In example 2, it looks like both sides on the tunnel encrypt and decrypt something, and yet "PC 2" can't access "PC 1".
In example 3, it looks like only "Router 1" encrypts something which is decrypted by "Router 2"... and again "PC 1" can't access "PC 2".

Can you help me with this?
Thank you and best regards.

aryoba
Premium,MVM
join:2002-08-22
kudos:4
Post (not as attachment) the updated configuration of both routers so people here can review.