LedZepRock
MIS
Hi, and thanks for looking.
I want to connect two LANs together via VPN, and I don't want the traffic to be translated by NAT.
Lan - 192.168.101.0 mask 255.255.255.0
to send untranslated traffic to
Lan2 - 192.168.3.0 mask 255.255.255.0
Here is what I have done with my config, but I am running into trouble (i.e. it doesn't work). I think I am missing some principles here on how it all works.
Also, debug is giving me problems. Should
logging on
logging console information
debug crypto isakmp
debug crypto ipsec
work? Even a working VPN I have shows no debug.
Anyway, some cuts from my config:
names
name 192.168.3.0 lan2
name 192.168.1.0 lan
access-list nonatinside permit ip object-group lan object-group lan2
access-list lan2-outside-cryptomap_15 permit ip 192.168.101.0 255.255.255.0 object-group lan2
logging on
logging console debugging
no logging message 106011
nat (inside) 0 access-list nonatinside
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 15 ipsec-isakmp
crypto map outside_map 15 match address lan2-outside-cryptomap_15
crypto map outside_map 15 set peer <lan2 external IP>
crypto map outside_map 15 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address <lan2 external IP>
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes
isakmp policy 20 hash sha
isakmp policy 20 group 5
isakmp policy 20 lifetime 86400
Hope I have not stripped anything useful from that, but it saves you guys looking at a full config. Again, if I may point out, I do have a working VPN-to-VPN on this box (it does translate, though), so the firewall is set up OK in that way. I think my problem is getting this NAT business to work.
Any help would be really great.
Thanks for looking
Simon
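As an added illustration (not part of Simon's post): a small Python checker that resolves the name entries in the excerpt above and tests whether every flow in the crypto map's match ACL is also covered by the nat 0 exemption ACL. Treating "object-group lan" as a reference to the "name lan" entry with a /24 mask is an assumption.

```python
import ipaddress

# Constructed input: the name, ACL, nat 0 and crypto-map lines from the post.
CONFIG = """\
name 192.168.3.0 lan2
name 192.168.1.0 lan
access-list nonatinside permit ip object-group lan object-group lan2
access-list lan2-outside-cryptomap_15 permit ip 192.168.101.0 255.255.255.0 object-group lan2
nat (inside) 0 access-list nonatinside
crypto map outside_map 15 match address lan2-outside-cryptomap_15
"""

def parse_endpoint(tokens, names):
    """Consume one ACL endpoint (any / host A / A MASK / object-group N); return (network, rest)."""
    kind = tokens[0]
    if kind == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if kind == "host":
        return ipaddress.ip_network(names.get(tokens[1], tokens[1])), tokens[2:]
    if kind == "object-group":
        # Assumption: 'object-group lan' refers to the 'name lan' entry, which has
        # no mask, so the /24 used by both LANs in the post is applied.
        return ipaddress.ip_network(f"{names[tokens[1]]}/24"), tokens[2:]
    return ipaddress.ip_network(f"{names.get(kind, kind)}/{tokens[1]}"), tokens[2:]

def parse_config(text):
    """Collect names, permit entries per ACL, nat 0 ACL names and crypto-map match ACL names."""
    names, acls, nat0, crypto = {}, {}, [], []
    for t in (line.split() for line in text.splitlines()):
        if not t:
            continue
        if t[0] == "name":
            names[t[2]] = t[1]
        elif t[0] == "access-list" and t[2] == "permit":
            src, rest = parse_endpoint(t[4:], names)
            dst, _ = parse_endpoint(rest, names)
            acls.setdefault(t[1], []).append((src, dst))
        elif t[:3] == ["nat", "(inside)", "0"] and t[3] == "access-list":
            nat0.append(t[4])
        elif t[0] == "crypto" and "address" in t:
            crypto.append(t[t.index("address") + 1])
    return names, acls, nat0, crypto

def unexempted_flows(text):
    """Return crypto-ACL (src, dst) pairs that no nat 0 exemption entry covers."""
    _, acls, nat0, crypto = parse_config(text)
    exempt = [pair for acl in nat0 for pair in acls.get(acl, [])]
    return [(str(s), str(d)) for acl in crypto for s, d in acls.get(acl, [])
            if not any(s.subnet_of(es) and d.subnet_of(ed) for es, ed in exempt)]
```

Run against the excerpt, unexempted_flows(CONFIG) reports the 192.168.101.0/24 to 192.168.3.0/24 flow as not exempt, because the nonat ACL is built from the lan name (192.168.1.0) while the crypto ACL uses 192.168.101.0.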