Hi,
I have 2x 1701 connected to a DSL line - that I require VPN access between ...
Network 1
192.168.1.x /24
Network 2
192.168.5.x /24
The 1701s work fine, they connect to the internet and also the VPN connects to each other.. The two 1701s can ping each other (using private LAN IPs) but no other devices can connect to the remote network (nor ping each other, including the remote router) - yet they can all connect to the internet .. I'm sure it's an easy mistake somewhere - but I'm really losing hope of finding it without some help !
Config from one of the units follows (passwords and public IPs masked to protect the innocent!)
!
version 12.3
service config
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
no service dhcp
!
hostname xxxxxx
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 4096 debugging
enable secret 5 xxxxxxxxxx
!
username admin privilege 0 password 7 xxxxxxxxx
no aaa new-model
ip subnet-zero
no ip source-route
!
!
!
!
no ip domain lookup
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxx address 80.229.xx.xx
!
!
crypto ipsec transform-set SDM_TRANSFORMSET_1 esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to 80.229.xx.xx
set peer 80.229.xx.xx
set transform-set SDM_TRANSFORMSET_1
match address 100
!
!
interface Tunnel0
ip address 172.0.0.1 255.255.255.0
ip mtu 1420
tunnel source 80.229.xx.xx
tunnel destination 80.229.xx.xx
crypto map SDM_CMAP_1
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
bundle-enable
dsl operating-mode auto
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
no cdp enable
!
interface FastEthernet0
description $FW_INSIDE$
ip address 192.168.5.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
ip tcp adjust-mss 1452
speed auto
no cdp enable
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
ppp reliable-link
ppp authentication chap callin
ppp chap hostname xxxx@xxxx.xxx
ppp chap password 7 xxxxxx
crypto map SDM_CMAP_1
!
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.1.0 255.255.255.0 Tunnel0
ip http server
ip http access-class 2
no ip http secure-server
!
!
access-list 1 remark INSIDE_IF=FastEthernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 100 remark SDM_ACL Category=20
access-list 100 permit icmp host 80.229.xx.xx host 80.229.xx.xx
access-list 100 permit ip host 80.229.xx.xx host 80.229.xx.xx
access-list 100 permit udp host 80.229.xx.xx host 80.229.xx.xx
access-list 100 permit tcp host 80.229.xx.xx host 80.229.xx.xx
access-list 111 permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 112 permit ip any any
access-list 113 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
control-plane
!
line con 0
login local
transport output telnet
stopbits 1
line aux 0
login local
transport output telnet
line vty 0 4
access-class 10 in
password 7 xxxxxxxx
login local
transport input telnet
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
!
end
So what is wrong with that??? Help!
Thanks to whoever responds..
Tamlyn.
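As an added check (example code, not part of the original post), the script below replays the three access-lists from the posted config against a LAN-to-LAN packet and against the tunnel endpoints, so you can see which ACL each flow actually hits: the NAT list (1), the list the crypto map references (100), and the unreferenced list (111). The two public peer addresses are masked in the post, so the script substitutes constructed placeholder values for them.

```python
import ipaddress

# Public peer addresses are masked in the post ("80.229.xx.xx"); these two
# placeholders are constructed values standing in for the local and remote end.
LOCAL_PUB, REMOTE_PUB = "80.229.0.1", "80.229.0.2"

# The NAT ACL (1), crypto-map ACL (100) and unreferenced ACL (111) from the post.
CONFIG = f"""
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 100 permit ip host {LOCAL_PUB} host {REMOTE_PUB}
access-list 111 permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
"""
ANY = ipaddress.ip_network("0.0.0.0/0")

def _parse_addr(tokens):
    """Consume one address spec ('any', 'host A', or 'A wildcard'); return (net, rest)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(f"{tokens[1]}/32"), tokens[2:]
    ones = bin(int(ipaddress.ip_address(tokens[1]))).count("1")  # contiguous wildcard assumed
    return ipaddress.ip_network(f"{tokens[0]}/{32 - ones}", strict=False), tokens[2:]

def parse_acls(text):
    """Return {acl_number: [(action, src_net, dst_net), ...]} in configured order."""
    acls = {}
    for line in text.splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "access-list" or t[2] == "remark":
            continue
        num, action = int(t[1]), t[2]
        if num < 100:                       # standard ACL: matches on source only
            src, dst = _parse_addr(t[3:])[0], ANY
        else:                               # extended ACL: protocol, source, destination
            src, rest = _parse_addr(t[4:])
            dst = _parse_addr(rest)[0]
        acls.setdefault(num, []).append((action, src, dst))
    return acls

def acl_permits(acls, num, src, dst):
    """First-match lookup with the implicit deny at the end of every IOS ACL."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, snet, dnet in acls.get(num, []):
        if s in snet and d in dnet:
            return action == "permit"
    return False

def check_flow(src, dst, text=CONFIG):
    """Report, per ACL number, whether a src->dst packet is permitted by it."""
    acls = parse_acls(text)
    return {num: acl_permits(acls, num, src, dst) for num in sorted(acls)}
```

Run `check_flow("192.168.5.10", "192.168.1.10")` for a host on this router's LAN heading to the remote LAN: only ACL 1 (the NAT list) permits it, while neither the crypto-map list 100 nor list 111 does, and 111 only permits the reverse direction.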