• Advertisement

VPN Tunnel comes up, but traffic will not travel

IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.

VPN Tunnel comes up, but traffic will not travel

Postby Guest » Thu Dec 16, 2010 9:33 pm


Can't understand why this is not working.   I perform extended pings but will not ping at all when before it did.  I did make some changes since a new T1 was installed.  ANyone take a quick peek at this config....

------------------------------

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key MYKEY address YYY.YYY.YYY.YYY

!

crypto ipsec transform-set TUNNELSET esp-3des esp-md5-hmac

!

crypto map TUNNEL 1 ipsec-isakmp

set peer YYY.YYY.YYY.YYY

set transform-set TUNNELSET

match address BIZ-hq

!

interface Loopback1

ip address XXX.XXX.XXX.9 255.255.255.248

ip nat outside

ip virtual-reassembly

crypto map TUNNEL

crypto ipsec df-bit clear

!

interface FastEthernet0/0/3

description LOCAL_LAN_INTERFACE

!

interface Serial0/1/0

ip address XXX.XXX.XXX.2 255.255.255.252

ip nat outside

ip virtual-reassembly

encapsulation ppp

!

interface Vlan1

ip address 192.168.150.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.1

!

ip nat pool T1 XXX.XXX.XXX.9 XXX.XXX.XXX.9 netmask 255.255.255.248

ip nat inside source route-map nonat pool T1 overload

!

ip access-list extended DONOTNAT

deny   ip 192.168.150.0 0.0.0.255 192.100.100.0 0.0.0.255

deny   ip 192.168.150.0 0.0.0.255 192.168.1.0 0.0.0.255

permit ip 192.168.150.0 0.0.0.255 any

ip access-list extended BIZ-hq

permit ip 192.168.150.0 0.0.0.255 192.100.100.0 0.0.0.255

permit ip 192.168.150.0 0.0.0.255 192.168.1.0 0.0.0.255

!

access-list 20 permit NN.NN.162.160 0.0.0.31

access-list 20 permit NN.NN.197.192 0.0.0.31

access-list 20 permit 192.168.150.0 0.0.0.255

access-list 20 permit 192.168.9.0 0.0.0.255

!

route-map nonat permit 10

match ip address DONOTNAT

Guest
 

Advertisement

Re:VPN Tunnel comes up, but traffic will not travel

Postby Guest » Thu Dec 16, 2010 10:01 pm


The VPN tunnel used to work until I moved to a different ISP which I'm using a loopback as the tunnel endpoint.  Is this even possible?

Guest
 

Re:VPN Tunnel comes up, but traffic will not travel

Postby Guest » Thu Dec 16, 2010 10:23 pm


You need to make sure that set peer x.x.x.x and crypto isakmp key xxxx address x.x.x.x on the other router are actually pointing to the new ip address of your router...

Yes you can terminate on the loopback interface the command to do this is:

crypto map map-name local-address interface-id

where you interface id will be your loopback interface...

for more information on this command, please refer to the following link:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a00800ca7b6.html#wp1018189

please rate this post if it helps!

Regards,

Guest
 

Re:VPN Tunnel comes up, but traffic will not travel

Postby Guest » Thu Dec 16, 2010 11:28 pm


If found out about this command a few hours ago.  Thank you though.

Guest
 

Re:VPN Tunnel comes up, but traffic will not travel

Postby Guest » Fri Dec 17, 2010 12:29 am


After adding the line as recommended, it changed nothing.

Guest
 

Next


  • Advertisement


Similar topics


Return to Virtual Private Networks

Who is online

Users browsing this forum: No registered users and 1 guest

cron