VPN 1700 problem

[auEric]

We have a cisco 1710 at site "A" and a 1720 at site "B" with a VPN working between "A" and "B". We have a new system that needs to have a VPN from site "B" to another site "C" it has a been provided with a Linksys befsx41 VPN router. We get a connection from "B" to "C" but no data flow. If we remove the 1720 and replace it with an ADSL modem the Linksys VPN works correctly. Below is the config from site "B"


!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname site-b
!
logging queue-limit 100
no logging console
enable password 7 xxxxxxxxxxxxxxxxxxxxx
!
memory-size iomem 20
ip subnet-zero
!
!
no ip domain lookup
ip dhcp excluded-address 192.168.145.1 192.168.145.99
!
ip dhcp pool 1
network 192.168.145.0 255.255.255.0
default-router 192.168.145.1
dns-server 168.xx.xx.xx
!
!
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key xxxxxxxx address 210.xx.xx.xx
!
!
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
!
crypto map cm-cryptomap 1 ipsec-isakmp
set peer 210.xx.xx.xx
set transform-set cm-transformset-1
match address 100
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/100
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
!
interface FastEthernet0
description connected to EthernetLAN_1
ip address 192.168.145.1 255.255.255.0
ip nat inside
speed auto
!
interface Dialer0
bandwidth 640
ip address negotiated
no ip redirects
no ip unreachables
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp pap sent-username xxxxxxxxxxxx@xxxxxxxx.com password 7 xxxxxxxxxxxxxxx
ppp ipcp dns request
crypto map cm-cryptomap
!
ip nat inside source list 110 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
!
access-list 100 permit ip host 222.xx.xx.xx host 210.xx.xx.xx
access-list 100 permit ip 192.168.145.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 110 deny ip 192.168.145.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 110 permit ip 192.168.145.0 0.0.0.255 any
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
password 7 xxxxxxxxxxxxxx
login
line aux 0
line vty 0 4
password 7 xxxxxxxxxxxxxx
login
!
no scheduler allocate
end

 

[MartinR82]

forgive me if i have the wrong end of the stick, but you will need to configure another IPSec tunnel from site B to C would you not? And it looks like B only has a crypto map for site A?

 

[auEric]

The linksys is a vpnrouter and is provided to create its own vpn

 

[JOAMON]

Tend to agree with MartinR82.....only see one VPN connection setup in B router. Linksys may be a VPN router but the other side still needs to be setup to talk to it. Can you post the config from A. See something that does not look right.

 

[auEric]

The linksys makes a connecion to a 3rd party system at site C. Site C has a VPN router owned by the provider of the linksys.

 

[JOAMON]

Question.

What is the router ethernet address at A
What is the DHCP pool at A
What is the router ethernet address at C
What is the DHCP pool at C