Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Traffic not being routed across cisco vpn 1

Status
Not open for further replies.

jfmays

ISP
Oct 2, 2008
35
US
I have a vpn link to another network. It's setup using crypto isakmp. The vpn comes up when traffic is directed to it...

gw1.newalb#show crypto isakmp sa
dst src state conn-id slot
24.235.29.17 65.119.118.136 QM_IDLE 1 0

but when I try to route traffic across it from one machine to one on the other network that matches the access list...

ip access-list extended PHL-3845-SS7-VPN
permit ip host 24.235.0.25 host 65.119.118.76

... it doesn't go across the vpn. Rather, traceroutes from 24.235.0.25 to 65.119.118.76 show it going across the internet.

root@ss02:~# traceroute 65.119.118.76
traceroute to 65.119.118.76 (65.119.118.76), 30 hops max, 40 byte packets
1 fa2-0-103.core-gw1.noc.win.net (216.24.23.67) 0.956 ms 1.040 ms 1.205 ms
2 fa0-0.cust-gw1.noc.win.net (216.24.30.68) 1.556 ms 1.997 ms 2.314 ms
3 216-24-2-238.ip.win.net (216.24.2.238) 12.139 ms 12.458 ms 16.217 ms
4 66.73.221.253 (66.73.221.253) 25.385 ms 23.740 ms 20.455 ms
5 bb2-g4-0-2.ipltin.ameritech.net (151.164.42.158) 19.451 ms 19.116 ms 18.783 ms
6 69.220.8.51 (69.220.8.51) 37.946 ms 39.349 ms 40.347 ms
7 Te-3-2.Chicago1.Level3.net (4.68.110.197) 43.450 ms 43.117 ms 42.779 ms
8 ae-2-52.bbr2.Chicago1.Level3.net (4.68.101.33) 35.399 ms 35.309 ms 34.693 ms
9 so-1-0-0.mp2.Philadelphia1.Level3.net (209.247.8.65) 52.065 ms 52.138 ms 96.989 ms
10 so-11-0.hsa1.Philadelphia1.Level3.net (64.159.0.154) 54.060 ms 54.095 ms 53.400 ms
11 SWITCH-AND.hsa1.Philadelphia1.Level3.net (209.246.200.118) 49.841 ms !X 49.747 ms !X *
 
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA6 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA7 esp-3des esp-sha-hmac
crypto ipsec transform-set vpn esp-3des esp-sha-hmac
!
crypto map VPN 1 ipsec-isakmp
set peer 75.x.x.x
set transform-set vpn
match address 100

!

ip nat inside source route-map nonat interface FastEthernet4 overload
!

access-list 100 remark IPSec Rule traffice src and dest to be encrypted
access-list 100 permit ip 192.168.33.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 remark deny tunnel traffic to be encrypted but permit all
access-list 110 deny ip 192.168.33.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 192.168.33.0 0.0.0.255 any
!
!
route-map nonat permit 10
match ip address 110
!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top