Help... Trying to establish a VPN between 2 2600 routers!

Status
Not open for further replies.

Niall22

IS-IT--Management
Jun 9, 2000
109
CA
I'm having some difficulty trying to establish a VPN between two 2600 routers located at remote sites.
I used the Cisco Config Maker software so that I could see how it's done and then manually made the changes to each router. I have successfully set up a VPN between one router and VPN clients using Cisco's VPN client software but I can't make it work between two routers! It establishes a tunnel between the two but I can't ping any of the computers located within the private networks at either site. They just won't talk to each other. Are there any special steps that need to be taken to accomplish this? I've disabled RIP on both routers because they are small networks but is that necessary to route traffic through the VPN?

Thanks,

Niall
 
Niall,
Are you running an access list on the router that is allowing GRE traffic through on both sides? If you do, it should be applied to the Crypto Map, then the crypto map applied to both the Serial port and the VPN Tunnel. If you are running ACLs for traffic filtering you will also have to place an entry in there for both the GRE and IP traffic to pass. Without knowing your particular configuration I am guessing it is an ACL issue. You should also enable logging on both routers; this will let you know what is going on. If your routers are receiving packets that they do not recognize as IPSEC packets then take a look at the crypto map. Let me know if you've checked those things and we can move forward on it.

david e
 
You need to establish routing tables between the tunnel endpoints. You can do this with static routes, e.g.

ip route 192.168.0.0 255.255.255.0 T1

Each router needs a route to the other's internal segment like this.

OR use RIP or some other routing protocol, making sure to specify passive interfaces for all interfaces except the tunnel.
 
Thanks for the replies!
I think I have a major part of it solved now. I needed to change the access lists for the crypto map from the public IP to the private IP on each router. It was encrypting data from the public addresses rather than the private addresses. My second problem has to do with allowing VPN clients to connect to our main office router while maintaining its tunnel to the remote office. I think I have that almost solved. I'm using a dynamic crypto map for the clients since the IPs are always changing and I've combined that with my static crypto map for the remote office. It establishes a connection but I haven't had a chance to get our remote users (using client software) to try it yet. Here's hoping...

Thanks guys!
 
Sounds like you are on the right track. Let us know if you run into anything interesting.

david e
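
The fix described in the follow-up post above (the crypto map access list matching the private rather than the public addresses), as an added example that is not part of the original thread: a small Python check of which packets an IOS-style crypto ACL entry selects for encryption. All addresses and the ACL number 101 are constructed; the mirror check reflects the usual requirement that the two peers' crypto ACLs be source/destination swaps of each other.

```python
import ipaddress
import re

# Constructed sample entries (documentation and RFC 1918 ranges), not from the thread.
BEFORE = "access-list 101 permit ip host 203.0.113.1 host 198.51.100.1"  # public IPs
AFTER = "access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255"
PEER_AFTER = "access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255"


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse_crypto_acl(line):
    """Parse 'access-list N permit|deny ip SRC DST' into (action, src, dst)."""
    m = re.match(r"access-list\s+\d+\s+(permit|deny)\s+ip\s+(.+)$", line.strip())
    if not m:
        raise ValueError(f"unsupported ACL line: {line!r}")
    tokens = m.group(2).split()
    src = _take_addr(tokens)
    dst = _take_addr(tokens)
    return m.group(1), src, dst


def _hit(spec, addr):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 mean "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def selects_for_encryption(line, src_ip, dst_ip):
    """True if this crypto ACL entry permits the packet, i.e. sends it into the tunnel."""
    action, src, dst = parse_crypto_acl(line)
    return action == "permit" and _hit(src, src_ip) and _hit(dst, dst_ip)


def is_mirror(local_line, peer_line):
    """True if the peer entry is the local entry with source and destination swapped."""
    la, ls, ld = parse_crypto_acl(local_line)
    pa, ps, pd = parse_crypto_acl(peer_line)
    norm = lambda s: (s[0] & ~s[1] & 0xFFFFFFFF, s[1])  # ignore don't-care bits
    return la == pa and norm(ls) == norm(pd) and norm(ld) == norm(ps)
```

With the `BEFORE` entry, a packet from a host on one LAN to a host on the other is not selected, so the tunnel can come up while LAN-to-LAN pings still fail; the `AFTER` entry selects it.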
 