
Routing IP Through a VPN Tunnel on Cisco 1701's

Dec 25, 2002
I'm having routing problems with a pair of Cisco 1701 ADSL routers. The routers both connect to the Internet without problem. The routers are set up to use IPsec VPN tunnels.
IPsec is working, as are the tunnels. The routers are set up as follows.

Router A:-
Ethernet Address 10.0.0.252 /24
ADSL Real Internet Address 213.218.x.x /30
Tunnel Address 172.0.0.1

Router B:-
Ethernet Address 192.168.0.253 /24
ADSL Real Internet Address 213.218.x.x /30
Tunnel Address 172.0.0.10

Router A can ping Router B via the ADSL address, the B-end tunnel address and the Ethernet address, but nothing past the B-end router on its local network.
From the internal network directly connected to Router A you can ping the A-end router's internal address, ADSL address and tunnel address, but you can't ping the B end apart from the real IP address.

Router B can ping Router A via the ADSL address, the A-end tunnel address and the Ethernet address. From the internal network directly connected to Router B you can ping the B-end router's ADSL connection, local address and local tunnel connection, but not the A end of the tunnel.
I would be grateful for any ideas. Here also is one of the configs; the A end is an exact copy.

!This is the running config of the router: 192.168.0.253
!----------------------------------------------------------------------------
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cradley
!
security authentication failure rate 3 log
security passwords min-length 6
logging queue-limit 100
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$IzqU$CQ7xxxxxxxxxxxx.6qLQbTdg.
!
username sup privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
clock timezone PCTimeZone 0
ip subnet-zero
no ip source-route
!
!
ip tcp synwait-time 10
ip domain name xxxxx.co.uk
ip name-server 213.130.128.xx
ip name-server 213.130.128.xx
!
!
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key 0 xxxxxxxxxx address 213.218.x.xx
!
!
crypto ipsec transform-set SDM_TRANSFORMSET_1 esp-3des esp-sha-hmac
!
! access-list 100 decides which packets this map selects for IPsec
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to 213.218.x.x
set peer 213.218.x.x
set transform-set SDM_TRANSFORMSET_1
match address 100
!
!
!
!
! GRE tunnel (the default tunnel mode) between the two ADSL addresses;
! LAN-to-LAN traffic is routed into it and comes out of Dialer0 as GRE
interface Tunnel0
ip address 172.0.0.1 255.255.255.0
ip mtu 1420
tunnel source 213.218.x.x
tunnel destination 213.218.x.x
crypto map SDM_CMAP_1
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/38
pppoe-client dial-pool-number 1
!
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no cdp enable
!
interface FastEthernet0
description $FW_INSIDE$$ETH-LAN$
ip address 192.168.0.253 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
ip tcp adjust-mss 1452
speed auto
no cdp enable
!
interface Dialer0
ip address 213.218.x.x 255.255.255.252
ip mtu 1452
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname 07541-alnwick@ukadsl
ppp chap password 7 070539485C1D161D0D
crypto map SDM_CMAP_1
!
! NAT overload only applies to packets going from FastEthernet0 (inside) to Dialer0 (outside)
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
! the remote (A-end) LAN is reached through the GRE tunnel
ip route 10.0.0.0 255.255.255.0 Tunnel0
ip http server
ip http authentication local
ip http secure-server
!
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
! crypto ACL: matches the GRE packets between the two ADSL addresses, i.e. the encapsulated tunnel traffic
access-list 100 permit gre host 213.218.x.x host 213.218.x.x
! access-lists 111 to 113 are not referenced anywhere in the posted config
access-list 111 permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 112 permit ip any any
access-list 113 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
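
One thing a security reader should take from the config above, independent of the routing question: `service password-encryption` only produces type 7 strings, and the posted config contains two of them (`username sup privilege 15 password 7 ...` and `ppp chap password 7 070539485C1D161D0D`, next to the ISP login `07541-alnwick@ukadsl`). Type 7 is a fixed-key XOR, so posting such a line is the same as posting the cleartext; only the `enable secret 5` line is a real (salted MD5) hash. The following decoder is an added example, not code from the thread or from Cisco; it uses the well-known 53-byte IOS constant and is run only on a constructed sample config, not on the string above. The PPP CHAP password in particular has no hashed alternative, because CHAP needs the cleartext on the router, so its only protection is not publishing it.

```python
"""
Added example: decode Cisco IOS type 7 ('service password-encryption') strings.
Format: two decimal digits giving an offset 0..15 into a fixed key, then one
hex byte per character, each being plaintext XOR key[(offset + i) % 53].
"""
import re

# The fixed 53-byte constant used by IOS type 7 (public since the 1990s).
_TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded: str) -> str:
    """Reverse a type 7 string back to the cleartext password."""
    encoded = encoded.strip()
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("not a type 7 string")
    offset = int(encoded[:2])
    if offset > 15:
        raise ValueError("type 7 offset must be 00..15")
    body = bytes.fromhex(encoded[2:])
    return "".join(chr(b ^ _TYPE7_KEY[(offset + i) % len(_TYPE7_KEY)])
                   for i, b in enumerate(body))


def type7_encode(plain: str, offset: int = 0) -> str:
    """Produce a type 7 string (IOS picks the offset itself; here it is a parameter)."""
    if not 0 <= offset <= 15:
        raise ValueError("offset must be 00..15")
    data = plain.encode("ascii")
    body = "".join(f"{b ^ _TYPE7_KEY[(offset + i) % len(_TYPE7_KEY)]:02X}"
                   for i, b in enumerate(data))
    return f"{offset:02d}{body}"


def password7_lines(config: str):
    """Yield (config line, decoded password) for every 'password 7 <hex>' in a config."""
    for line in config.splitlines():
        m = re.search(r"\bpassword 7 ([0-9A-Fa-f]+)\b", line)
        if m:
            yield line.strip(), type7_decode(m.group(1))


# Constructed sample config (not the thread's): the type 7 strings are generated
# here from known cleartext so the round trip can be checked.
SAMPLE_CONFIG = """\
username admin privilege 15 password 7 {}
ppp chap hostname user@example.isp
ppp chap password 7 {}
""".format(type7_encode("Secret!23", 3), type7_encode("chap-pass", 11))


if __name__ == "__main__":
    for line, cleartext in password7_lines(SAMPLE_CONFIG):
        print(f"{line}  ->  {cleartext}")
```

The `type7_decode("0822455D0A16")` case in the checks below is the widely published test vector for the password `cisco`. In practice, run `password7_lines` over any config before it leaves the box, and treat every hit as a disclosed credential to rotate.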
!
 
Took a second to figure it out. On your crypto map you are using access-list 100 to define what traffic is permitted through the tunnel. As it stands right now, only the GRE protocol is permitted and not ICMP. I would suggest allowing everything right now while you are testing and then lock down the tunnel. Hope this helps.
 
Hi Computerhighguy.

Tried adding access-list 100 permit icmp any any to each end of the tunnel and I still can't ping remote hosts. I know the machine that I am trying to ping has the default gateway set to the router at the remote end, but still no response.

Thanks
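
The suggestion above (that ACL 100 permits only GRE and not ICMP) and the follow-up (that adding `permit icmp any any` changed nothing) are both explained by the order in which IOS processes a LAN packet, so here is that order as a small model. This is an added example, not code from the thread or from Cisco: it takes the routes, NAT statement and crypto ACL from the posted B-end config and walks one packet through route lookup, GRE encapsulation on Tunnel0, NAT overload, and the crypto map's ACL on Dialer0. Assumptions: the masked 213.218.x.x addresses are replaced by RFC 5737 documentation addresses; the crypto map copy on Tunnel0 (required on 12.2 for GRE over IPsec) is not modelled, nor is MTU; and since the A-end config is not on the page, the two A-end routing tables are hypothetical (one a verbatim copy of B's routes, as the first post says, one with a return route to B's LAN added).

```python
"""
Added example: model how the posted B-end config (hostname Cradley,
192.168.0.253) handles one packet, in IOS order: route lookup, GRE
encapsulation on Tunnel0, NAT overload, crypto map ACL 100 on Dialer0.
"""
import ipaddress

# Constructed stand-ins (RFC 5737) for the masked 213.218.x.x ADSL addresses.
B_WAN = "203.0.113.2"   # Dialer0 of the posted router
A_WAN = "198.51.100.2"  # the peer's Dialer0 (crypto peer / tunnel destination)

# (admin distance, prefix, egress interface) transcribed from the posted config:
# connected routes from the interface addresses, statics from 'ip route'.
B_ROUTES = [
    (0, "192.168.0.0/24", "FastEthernet0"),
    (0, "172.0.0.0/24", "Tunnel0"),
    (0, "203.0.113.0/30", "Dialer0"),
    (1, "10.0.0.0/24", "Tunnel0"),      # ip route 10.0.0.0 255.255.255.0 Tunnel0
    (1, "0.0.0.0/0", "Dialer0"),        # ip route 0.0.0.0 0.0.0.0 Dialer0
]

# Hypothetical A-end tables (assumption: the A config is not on the page).
A_ROUTES_COPY = [                       # B's routes copied verbatim
    (0, "10.0.0.0/24", "FastEthernet0"),
    (0, "172.0.0.0/24", "Tunnel0"),
    (0, "198.51.100.0/30", "Dialer0"),
    (1, "10.0.0.0/24", "Tunnel0"),      # shadowed by the connected /24
    (1, "0.0.0.0/0", "Dialer0"),
]
A_ROUTES_FIXED = A_ROUTES_COPY + [(1, "192.168.0.0/24", "Tunnel0")]

# Crypto ACLs as (protocol, source, destination).
ACL_100_B = [("gre", f"{B_WAN}/32", f"{A_WAN}/32")]   # as posted
ACL_100_A = [("gre", f"{A_WAN}/32", f"{B_WAN}/32")]   # mirror image on A
ACL_100_B_PLUS_ICMP = ACL_100_B + [("icmp", "0.0.0.0/0", "0.0.0.0/0")]

# ip nat inside source list 1 interface Dialer0 overload
NAT_INSIDE, NAT_OUTSIDE = {"FastEthernet0"}, {"Dialer0"}
NAT_LIST_1 = ipaddress.ip_network("192.168.0.0/24")


def lookup(routes, dst):
    """Longest prefix wins; on equal length the lower admin distance wins."""
    addr = ipaddress.ip_address(dst)
    best, best_key = None, None
    for ad, prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        key = (net.prefixlen, -ad)
        if addr in net and (best_key is None or key > best_key):
            best, best_key = ifname, key
    return best


def acl_permits(acl, proto, src, dst):
    """True if any (proto, src-net, dst-net) entry of the crypto ACL matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(proto == p and s in ipaddress.ip_network(sn)
               and d in ipaddress.ip_network(dn) for p, sn, dn in acl)


def forward(proto, src, dst, in_if, routes=B_ROUTES, crypto_acl=ACL_100_B,
            wan=B_WAN, peer=A_WAN):
    """Return (path, nat_applied, ipsec_selected) for one packet entering on in_if."""
    out_if = lookup(routes, dst)
    path = [in_if, out_if]
    # NAT overload only translates packets that enter an 'ip nat inside'
    # interface, leave an 'ip nat outside' one, and match access-list 1.
    nat = (in_if in NAT_INSIDE and out_if in NAT_OUTSIDE
           and ipaddress.ip_address(src) in NAT_LIST_1)
    if out_if == "Tunnel0":
        # Tunnel0 defaults to GRE/IP: the packet becomes the payload of a GRE
        # packet from 'tunnel source' to 'tunnel destination', routed again.
        proto, src, dst = "gre", wan, peer
        out_if = lookup(routes, dst)
        path.append(f"gre->{out_if}")
    # The crypto map on Dialer0 checks its ACL against the packet as it is
    # there: for LAN-to-LAN traffic that is the outer GRE header.
    ipsec = out_if == "Dialer0" and acl_permits(crypto_acl, proto, src, dst)
    return "/".join(path), nat, ipsec


if __name__ == "__main__":
    a_side = {"crypto_acl": ACL_100_A, "wan": A_WAN, "peer": B_WAN}
    cases = [
        ("LAN host pings A's LAN", ("icmp", "192.168.0.10", "10.0.0.20", "FastEthernet0"), {}),
        ("LAN host pings the Internet", ("icmp", "192.168.0.10", "192.0.2.1", "FastEthernet0"), {}),
        ("same, after 'permit icmp any any' in ACL 100",
         ("icmp", "192.168.0.10", "192.0.2.1", "FastEthernet0"), {"crypto_acl": ACL_100_B_PLUS_ICMP}),
        ("A replies to a B LAN host, A routes copied verbatim",
         ("icmp", "172.0.0.10", "192.168.0.10", "local"), {"routes": A_ROUTES_COPY, **a_side}),
        ("A replies, with 'ip route 192.168.0.0 255.255.255.0 Tunnel0'",
         ("icmp", "172.0.0.10", "192.168.0.10", "local"), {"routes": A_ROUTES_FIXED, **a_side}),
    ]
    for title, pkt, kw in cases:
        path, nat, ipsec = forward(*pkt, **kw)
        print(f"{title}: path={path} nat={nat} ipsec={ipsec}")
```

In this model a LAN ping to 10.0.0.x reaches Dialer0 as GRE between the two ADSL addresses, which is exactly what ACL 100 permits, so it is selected for IPsec with or without the `permit icmp any any` line; what that line does change is that Internet-bound ICMP from the LAN now matches the crypto map as well and is held for the A-end peer instead of going out in the clear. The two hypothetical A-end tables show the other thing to verify on a router you cannot see: the far end needs a route to 192.168.0.0/24 via Tunnel0, otherwise its replies follow the default route to the ISP. On the real boxes, the `#pkts encaps` and `#pkts decaps` counters in `show crypto ipsec sa` tell you whether a LAN ping is entering and leaving the tunnel, and `show ip route 192.168.0.10` on the A end tells you where the reply is sent.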
 