VPN is up, but traffic can't get through

Status
Not open for further replies.

tangostar

MIS
Apr 21, 2004
166
CA
I have a Cisco 1812 with 2 VPNs. Neither of the remote sites can access services in the central site, but the central site can print in the remote site and access the remote computers through VNC.
I just want to get the remote sites to be able to access services.

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname proxy
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
!
no aaa new-model
!
resource policy
!
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
!
!
ip tcp synwait-time 10
ip tcp path-mtu-discovery
no ip bootp server
no ip domain lookup
ip domain name xxx.com
ip name-server 64.201.xxx.xxx
ip name-server 207.54.xxx.xxx

ip ssh time-out 60
ip ssh authentication-retries 2
no ip ips deny-action ips-interface
ip ips notify SDEE
!
vty-async
!
crypto pki trustpoint TP-self-signed-2068113186
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2068113186
revocation-check none
rsakeypair TP-self-signed-2068113186

!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key xxxxxxx address 66.11.xxx.xxx no-xauth
crypto isakmp key xxxxxxx address 207.139.xxx.xxx no-xauth
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 30
!
!
crypto ipsec transform-set laval esp-3des esp-md5-hmac
crypto ipsec transform-set alpine esp-3des esp-sha-hmac
!
crypto map quebec 1 ipsec-isakmp
description Tunnel to Alpine crypto-map
set peer 207.139.xxx.xxx
set transform-set alpine
match address 100
crypto map quebec 2 ipsec-isakmp
description Tunnel to Laval crypto-map
set peer 66.11.xxx.xxx
set transform-set alpine
match address 102
!
!
!
interface Tunnel0
description tunnel to Alpine
no ip address
ip mtu 1454
tunnel source 66.225.xxx.xxx
tunnel destination 216.95.xxx.xxx
tunnel path-mtu-discovery
crypto map quebec
crypto ipsec df-bit clear
!
interface Tunnel1
description tunnel to Laval
no ip address
tunnel source 66.225.xxx.xxx
tunnel destination 207.164.xxx.xxx
tunnel path-mtu-discovery
crypto map quebec
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
!
interface FastEthernet0
description Terago$FW_OUTSIDE$$ES_WAN$$ETH-WAN$
ip address 66.225.xxx.xxx 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
speed 10
full-duplex
crypto map quebec
!
interface FastEthernet1
description WOW$ETH-LAN$
ip address 209.162.xxx.xxx 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
ip address 10.0.0.6 255.255.255.0
ip helper-address 10.0.0.22
ip mask-reply
ip directed-broadcast
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
ip kerberos source-interface FastEthernet0
ip classless
ip default-network 10.0.0.0
ip route 0.0.0.0 0.0.0.0 66.225.xxx.xxx permanent
ip route 10.0.0.0 255.255.255.0 Vlan1 permanent
ip route 192.168.0.0 255.255.255.0 Tunnel1 permanent
ip route 192.168.123.0 255.255.255.0 Tunnel0 permanent
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip nat inside source route-map SDM_RMAP_2 interface FastEthernet1 overload
ip nat inside source static tcp 10.0.0.20 443 66.225.149.209 443 extendable
ip nat inside source static tcp 10.0.0.2 1723 66.225.149.209 1723 extendable
ip nat inside source static tcp 10.0.0.21 22 66.225.149.211 22 extendable
ip nat inside source static tcp 10.0.0.21 25 66.225.149.211 25 extendable
ip nat inside source static tcp 10.0.0.20 80 66.225.149.211 80 extendable
ip nat inside source static tcp 10.0.0.20 110 66.225.149.211 110 extendable
ip nat inside source static tcp 10.0.0.8 1494 66.225.149.212 1494 extendable
ip nat inside source static tcp 10.0.0.8 2598 66.225.149.212 2598 extendable
!
logging trap debugging
logging 10.0.0.15
access-list 100 remark SDM_ACL Category=20
access-list 100 permit ip 10.0.0.0 0.0.255.255 192.168.123.0 0.0.0.255
access-list 100 remark SDM_ACL Category=20
access-list 100 permit tcp 10.0.0.0 0.0.255.255 eq 1494 192.168.0.0 0.0.255.255 eq 1494
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=20
access-list 102 permit ip 10.0.0.0 0.0.255.255 192.168.0.0 0.0.0.255
access-list 102 permit tcp 10.0.0.0 0.0.255.255 eq smtp 192.168.0.0 0.0.255.255 eq smtp
access-list 102 permit tcp 10.0.0.0 0.0.255.255 eq pop3 192.168.0.0 0.0.255.255 eq pop3
access-list 102 permit tcp 10.0.0.0 0.0.255.255 eq 1494 192.168.0.0 0.0.255.255 eq 1494
snmp-server community public RO
no cdp run
!
route-map SDM_RMAP_1 permit 1
match ip address 101
set ip df 0
!
route-map SDM_RMAP_2 permit 1
match ip address 101
!
!
!
!
control-plane
!
banner login Authorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!
!
line con 0
transport output telnet
line aux 0
transport output telnet
line vty 0 4
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
end
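
A check worth running against a configuration like the one posted above (added example, not part of the original post): on IOS, an `ip nat inside source static` entry without a `route-map` is not subject to the NAT-exemption ACL, so replies from that host are translated whenever they leave through an `ip nat outside` interface and then no longer match the crypto ACL. The script lists such entries; the sample lines are copied from the post, the function names are this example's own, and it assumes contiguous wildcard masks and `permit ip <addr> <wildcard>` ACL entries.

```python
import ipaddress
import re

# Lines copied from the posted configuration (addresses as they appear there).
SAMPLE_CONFIG = """\
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip nat inside source static tcp 10.0.0.20 443 66.225.149.209 443 extendable
ip nat inside source static tcp 10.0.0.8 1494 66.225.149.212 1494 extendable
access-list 100 permit ip 10.0.0.0 0.0.255.255 192.168.123.0 0.0.0.255
access-list 101 deny ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 102 permit ip 10.0.0.0 0.0.255.255 192.168.0.0 0.0.0.255
crypto map quebec 1 ipsec-isakmp
 match address 100
crypto map quebec 2 ipsec-isakmp
 match address 102
"""

STATIC_NAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)(.*)$")
ACL_IP = re.compile(r"^access-list (\d+) permit ip (\S+) (\S+) (\S+) (\S+)\s*$")
# Crypto maps use "match address N"; route-maps use "match ip address N".
CRYPTO_MATCH = re.compile(r"^\s*match address (\d+)\s*$")


def wildcard_net(addr, wildcard):
    """Turn an IOS address/wildcard pair into a network (contiguous masks only)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def unexempted_static_nat(config):
    """Return (inside_ip, port, acl) for each static NAT entry with no route-map
    whose inside host is a source in an ACL referenced by a crypto map."""
    lines = config.splitlines()
    crypto_acls = {m.group(1) for ln in lines if (m := CRYPTO_MATCH.match(ln))}
    sources = [(m.group(1), wildcard_net(m.group(2), m.group(3)))
               for ln in lines
               if (m := ACL_IP.match(ln)) and m.group(1) in crypto_acls]
    findings = []
    for ln in lines:
        m = STATIC_NAT.match(ln)
        if not m or "route-map" in m.group(6):
            continue  # not a static port entry, or already exempted
        host = ipaddress.ip_address(m.group(2))
        findings.extend((str(host), int(m.group(3)), acl)
                        for acl, net in sources if host in net)
    return findings


if __name__ == "__main__":
    for host, port, acl in unexempted_static_nat(SAMPLE_CONFIG):
        print(f"{host}:{port} is statically translated but is a source in crypto ACL {acl}")
```

Each reported host/port pair is a service whose replies to the remote subnets should be traced with `show ip nat translations` while a remote client connects.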