Say what? One way comms in site-to-site 1


burtsbees

Programmer
Jan 29, 2007
7,657
US
I have 4 routers, the end ones in a site-to-site VPN (lab). PC1 can ping PC2 when I bring the tunnel up (apply the crypto map to the outgoing interface), but PC2 can never ping PC1.

Left router

R2620#sh run
Building configuration...

Current configuration : 1573 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2620
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
username r00t privilege 15 secret 5 $1$DJtc$f66p9.ei7ndK00tFXR6gT1
!
!
!
!
crypto isakmp policy 11
hash md5
authentication pre-share
crypto isakmp key 1234 address 11.1.1.1
!
!
crypto ipsec transform-set 333 esp-3des esp-md5-hmac
!
crypto map 222 11 ipsec-isakmp
set peer 11.1.1.1
set transform-set 333
match address 120
!
!
!
!
interface FastEthernet0/0
ip address 10.1.2.1 255.255.255.248
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
ip address 13.1.1.1 255.255.255.252
ip nat outside
crypto map 222
!
interface Serial0/1
no ip address
shutdown
!
router ospf 69
log-adjacency-changes
redistribute static
network 10.1.2.0 0.0.0.3 area 0
network 10.1.2.0 0.0.0.7 area 0
network 13.1.1.0 0.0.0.3 area 0
!
ip nat pool ddd 13.1.1.1 13.1.1.1 netmask 255.255.255.252
ip nat inside source route-map nonat pool ddd overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 13.1.1.2
!
!
access-list 120 permit ip 10.1.2.0 0.0.0.7 10.1.1.0 0.0.0.7
access-list 130 deny ip 10.1.2.0 0.0.0.7 10.1.1.0 0.0.0.7
access-list 130 permit ip 10.1.2.0 0.0.0.7 any
!
route-map nonat permit 10
match ip address 130
!
!
!
!
!
!
line con 0
logging synchronous
login local
line aux 0
line vty 0 4
logging synchronous
login local
!
!
end

***************************************
Right router
***************************************

Username: r00t
Password:
R1750#sh run
Building configuration...

Current configuration : 1593 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1750
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 25
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
!
ip cef
ip audit po max-events 100
!
!
username r00t privilege 15 secret 5 $1$y7y7$w21crau5MRGRvRDLS8iNq.
!
!
!
!
crypto isakmp policy 11
hash md5
authentication pre-share
crypto isakmp key 1234 address 13.1.1.1
!
!
crypto ipsec transform-set b esp-3des esp-md5-hmac
!
crypto map fart 11 ipsec-isakmp
set peer 13.1.1.1
set transform-set b
match address 120
!
!
!
interface FastEthernet0
ip address 10.1.1.1 255.255.255.248
ip nat inside
speed auto
!
interface Serial0
no ip address
shutdown
!
interface Serial1
ip address 11.1.1.1 255.255.255.252
ip nat outside
crypto map fart
!
router ospf 69
log-adjacency-changes
redistribute static
network 10.1.1.0 0.0.0.7 area 0
network 11.1.1.0 0.0.0.3 area 0
!
ip nat pool f 11.1.1.1 11.1.1.1 netmask 255.255.255.252
ip nat inside source route-map nonat pool f overload
ip classless
ip route 0.0.0.0 0.0.0.0 11.1.1.2
no ip http server
no ip http secure-server
!
!
access-list 120 permit ip 10.1.1.0 0.0.0.7 10.1.2.0 0.0.0.7
access-list 130 deny ip 10.1.1.0 0.0.0.7 10.1.2.0 0.0.0.7
access-list 130 permit ip 10.1.1.0 0.0.0.7 any
!
route-map nonat permit 10
match ip address 130
!
!
!
line con 0
logging synchronous
login local
line aux 0
line vty 0 4
logging synchronous
login local
!
end

/


tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Have you run any debugs? Client firewalls?

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Yeah, but they only pop up when I disable and enable the crypto map off and on the outgoing interface. Everything is set up the exact same way---maybe XP...oh, crap---the Windows Firewall...lemme check...

Yup...'twas enabled...I am an idiot. I will check here in a bit...

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Duh...fixed...duh...

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
lol, burt you crazy man

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
What can I say? I'm a Linux man, and this is yet one more reason...;)

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
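
A router-side check for this kind of one-way symptom, as an added example that is not part of the original thread: it parses the crypto ACL (120), the NAT route-map ACL (130) and the peer addresses from the two posted configs and confirms they mirror each other, which is what to rule out before looking at host firewalls. The function names are made up for this example, and it assumes contiguous wildcard masks.

```python
import ipaddress
import re

# Lines copied from the two "sh run" outputs posted in the thread.
LEFT = """\
set peer 11.1.1.1
ip address 13.1.1.1 255.255.255.252
access-list 120 permit ip 10.1.2.0 0.0.0.7 10.1.1.0 0.0.0.7
access-list 130 deny ip 10.1.2.0 0.0.0.7 10.1.1.0 0.0.0.7
access-list 130 permit ip 10.1.2.0 0.0.0.7 any
"""
RIGHT = """\
set peer 13.1.1.1
ip address 11.1.1.1 255.255.255.252
access-list 120 permit ip 10.1.1.0 0.0.0.7 10.1.2.0 0.0.0.7
access-list 130 deny ip 10.1.1.0 0.0.0.7 10.1.2.0 0.0.0.7
access-list 130 permit ip 10.1.1.0 0.0.0.7 any
"""
ACE = re.compile(r"^access-list (\d+) (permit|deny) ip (\S+) (\S+) (any|\S+ \S+)$", re.M)

def net(addr, wildcard):  # ipaddress accepts a contiguous IOS wildcard (host) mask
    return ipaddress.ip_network(f"{addr}/{wildcard}")

def aces(cfg, number):
    """[(action, src_net, dst_net or None for 'any')] for one extended ACL."""
    return [(act, net(s, w), None if d == "any" else net(*d.split()))
            for n, act, s, w, d in ACE.findall(cfg) if n == number]

def flows(cfg):
    """(src, dst) pairs that crypto ACL 120 selects for encryption."""
    return {(s, d) for act, s, d in aces(cfg, "120") if act == "permit"}

def crypto_mirrored(a, b):
    """Each side's crypto flows must equal the other's with src/dst swapped."""
    return bool(flows(a)) and flows(a) == {(d, s) for s, d in flows(b)}

def nat_exempt(cfg):
    """The first ACL 130 entry covering each crypto flow must be a deny (no NAT)."""
    def first_action(s, d):  # falls back to the implicit deny at the end of the ACL
        return next((a for a, ns, nd in aces(cfg, "130") if s.subnet_of(ns)
                     and (nd is None or (d is not None and d.subnet_of(nd)))), "deny")
    return all(first_action(s, d) == "deny" for s, d in flows(cfg))

def peer_ok(a, b):
    """a's 'set peer' must be an address configured on b."""
    return re.search(r"set peer (\S+)", a).group(1) in re.findall(r"ip address (\S+)", b)

print(crypto_mirrored(LEFT, RIGHT), nat_exempt(LEFT), nat_exempt(RIGHT), peer_ok(LEFT, RIGHT))
```

All four checks pass for the posted configs, which is consistent with the cause turning out to be the Windows Firewall on the PC rather than the tunnel.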
 