I have some problems with the configuration of an IPsec VPN between a Cisco 827 router and a SonicWall 4060.
The status of the tunnels is OK (IKE and IPsec), but the hosts don't communicate.
The problem is probably the NAT or an access list; could someone help me?
Regards
This is the configuration:
---------------------------------------------------------------------------------------------------------------
Current configuration : 1762 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname testing
!
enable secret 5 $1$tCeE$HbJVPnsXI0t5yO/BzN.Zu/
!
no aaa new-model
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 15
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key 0 password address 83.97.195.248
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set strongsha esp-3des esp-sha-hmac
!
crypto map tosonicwall 15 ipsec-isakmp
set peer 83.97.195.248
set transform-set strongsha
match address 115
!
!
!
!
interface Ethernet0
ip address 192.168.2.1 255.255.255.0
ip nat inside
no ip mroute-cache
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address 217.127.73.218 255.255.255.192
ip nat outside
pvc 8/32
encapsulation aal5snap
!
crypto map tosonicwall
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
ip nat inside source list 101 interface ATM0.1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
no ip http server
no ip http secure-server
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 115 permit ip 192.168.2.0 0.0.0.255 172.16.0.0 0.0.0.255
no cdp run
!
line con 0
no modem enable
line aux 0
line vty 0 4
password ---------
login
!
scheduler max-task-time 5000
!
end
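The following is an added example, not part of the original post, that models why a configuration like the one above can show the tunnel as up while no host traffic crosses it. On IOS, for a packet going inside to outside, NAT inside-source translation is applied before the crypto map's match ACL is consulted. Access-list 101 as posted permits everything from 192.168.2.0/24 to anywhere, so traffic for 172.16.0.0/24 is translated to the ATM0.1 address first and then no longer matches access-list 115. The script implements a small IOS-style wildcard-mask ACL evaluator, reproduces the two ACLs from the post, and compares them with a hypothetical corrected NAT list that carries a `deny` for the VPN subnet ahead of the `permit`. The outside address and ACL contents come from the post; the host addresses and the "fixed" ACL are constructed for the example.

```python
import ipaddress

# ATM0.1 address from the posted configuration (source of PAT overload)
OUTSIDE_IP = "217.127.73.218"
ANY = ("0.0.0.0", "255.255.255.255")  # IOS 'any' as network/wildcard


def wildcard_match(ip, network, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    ip_i = int(ipaddress.IPv4Address(ip))
    net_i = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (ip_i & care) == (net_i & care)


def acl_lookup(acl, src, dst):
    """First-match evaluation with the implicit deny at the end of every ACL."""
    for action, s_net, s_wc, d_net, d_wc in acl:
        if wildcard_match(src, s_net, s_wc) and wildcard_match(dst, d_net, d_wc):
            return action
    return "deny"


# access-list 101 exactly as posted: NAT everything from the LAN
NAT_ACL_ORIGINAL = [
    ("permit", "192.168.2.0", "0.0.0.255", *ANY),
]

# Hypothetical corrected list (constructed): exempt VPN traffic from NAT first.
# In IOS this is the line
#   access-list 101 deny ip 192.168.2.0 0.0.0.255 172.16.0.0 0.0.0.255
# placed before the existing permit (numbered ACLs append, so remove and
# re-create the list to get the order right).
NAT_ACL_FIXED = [
    ("deny", "192.168.2.0", "0.0.0.255", "172.16.0.0", "0.0.0.255"),
    ("permit", "192.168.2.0", "0.0.0.255", *ANY),
]

# access-list 115 exactly as posted: the crypto map's interesting traffic
CRYPTO_ACL = [
    ("permit", "192.168.2.0", "0.0.0.255", "172.16.0.0", "0.0.0.255"),
]


def forward_inside_to_outside(src, dst, nat_acl, crypto_acl):
    """Model the IOS order of operations for an inside->outside packet.

    NAT inside-source translation runs before the crypto map is checked, so
    a source that is translated can no longer match the crypto ACL.
    Returns (source address as seen by the crypto map, encrypted?).
    """
    if acl_lookup(nat_acl, src, dst) == "permit":
        src = OUTSIDE_IP  # PAT overload rewrites the source to the ATM0.1 address
    encrypted = acl_lookup(crypto_acl, src, dst) == "permit"
    return src, encrypted


if __name__ == "__main__":
    # Constructed sample hosts: one LAN host, one remote VPN host, one Internet host
    lan_host, vpn_host, internet_host = "192.168.2.10", "172.16.0.5", "198.51.100.7"
    for name, nat_acl in (("original", NAT_ACL_ORIGINAL), ("fixed", NAT_ACL_FIXED)):
        print(name, "to VPN peer:   ", forward_inside_to_outside(lan_host, vpn_host, nat_acl, CRYPTO_ACL))
        print(name, "to Internet:   ", forward_inside_to_outside(lan_host, internet_host, nat_acl, CRYPTO_ACL))
```

With the posted ACL 101 the model returns the translated address and `encrypted == False`, which is consistent with an SA that is established yet shows no growing encaps counters in `show crypto ipsec sa`; with the corrected list, LAN-to-172.16.0.0/24 traffic keeps its real source and matches ACL 115, while Internet-bound traffic is still translated. A NAT exemption is only half of the picture: the SonicWall side must define the same two subnets as its local and remote networks, otherwise the proxy IDs will not match or the return traffic will be dropped there.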