VPN between 2 1841 router using a connection HDSL

Hi all

I need help to solve my problem, sorry for my English, I'll try to explain my problem

I need to build a VPN (ipsec) between 2 side that use a Cisco 1841 router, each with its own public IP address.

The side 2 can ping each public IP address but the VPN are DOWN state.

The schema is the following:

192.168.1.0/24 (LAN1) <->Ro1 (X.X.X.X) <- vpn="" -="">(Y.Y.Y.Y) Ro2 <->192.168.2.0/24 (LAN2)

the configuration of the Ro1 is shown on, the same configuration is present also in Ro2, but with a different IP address

SH run
Building configuration...

Current configuration: 9808 bytes
!
version 12.4
horodateurs service debug datetime msec
Log service timestamps datetime msec
encryption password service
!
hostname TEST
!
boot-start-marker
start the flash c1841-adventerprisek9 - mz.124 - 24.T.bin system
boot-end-marker
!
forest-meter operation of syslog messages
logging buffered 51200 warnings
!
No aaa new-model
dot11 syslog
no ip source route
!
!
!
!
IP cef
no ip bootp Server
IP domain name test.it
Server name x.x.x.x IP
Server name x.x.x.x IP
inspect the IP log drop-pkt
inspect the IP incomplete-max 300 low
inspect the high IP-400 max-incomplete
IP inspect a minute low 300
IP inspect hashtable-size 2048
inspect the IP tcp synwait-time 20
inspect the tcp host incomplete-max 300 IP block-time 60
inspect the name ID tcp IP
inspect the IP udp ID name
inspect the IP ftp login name
No ipv6 cef
!
Authenticated MultiLink bundle-name Panel
!
!
!
!
!
Password username privilege 15 TEST TEST 0
Archives
The config log
hidekeys
!
!
crypto ISAKMP policy 10
BA 3des
md5 hash
preshared authentication
Group 2
!
address TEST key crypto isakmp Y.Y.Y.Y
ISAKMP crypto keepalive 10
!
!
Crypto ipsec transform-set VPN - SET esp-3des esp-md5-hmac
!
VPN ipsec-isakmp crypto map
defined peer Y.Y.Y.Y
transformation-VPN-SET game
match address 150
!
!
!
property intellectual ssh time 60
property intellectual ssh authentication-2 retries
property intellectual ssh version 2
!
!
!
interface FastEthernet0/0
Description * Ro1-> LAN router *.
IP 192.168.1.254 255.255.255.0
IP nat inside
IP virtual-reassembly
automatic duplex
automatic speed
No keepalive
!
!
interface Serial0/0/0
no ip address
frame relay IETF encapsulation
event logging subif-link-status
dlci-change of status event logging
IP access-group 103 to
load-interval 30
no fair queue
frame-relay lmi-type ansi
!
point-to-point interface Serial0/0/0.1
Description * Ro1-> WAN router *.
IP x.x.x.x 255.255.255.252
NAT outside IP
inspect the IP ID out
IP virtual-reassembly
SNMP trap-the link status
No cdp enable
No arp frame relay
frame-relay interface dlci 100 IETF
VPN crypto card
!
!
IP forward-Protocol ND
IP route 0.0.0.0 0.0.0.0 Serial0/0/0.1

no ip address of the http server
no ip http secure server
!
!
IP nat inside source map route VPN - NAT interface overloading Serial0/0/0.1
!
!

Access-list 100 * ACL NAT note *.
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
Note access-list 103 *.
Note access-list 103 * OPEN PORTS VPN *.
access-list 103 allow udp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 eq non500-isakmp
access-list 103 allow udp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 eq isakmp
access-list 103 allow esp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 allow ahp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 deny ip any one
Note access-list 150 * ACL VPN *.
access-list 150 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
Note access-list 150 *.
!
route VPN - NAT allowed 10 map
corresponds to the IP 100
!
control plan
!
!
!
Line con 0
local connection
line to 0
line vty 0 4
privilege level 15
local connection
transport input telnet ssh
line vty 5 15
privilege level 15
local connection
transport input telnet ssh
!
Scheduler allocate 20000 1000
end

Thus, according to the display of the response of these controls.

Ro1 (config) # sh encryption session
Current state of the session crypto

Interface: Serial0/0/0.1
The session state: down
Peer: 81.21.17.146 port 500
FLOW IPSEC: allowed ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
Active sAs: 0, origin: card crypto

Ro1 (config) # sh crypto map interface serial 0/0/0.1
"VPN" 1-isakmp ipsec crypto map
By peer = Y.Y.Y.Y
Extend 150 IP access list
access-list 150 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
Current counterpart: Y.Y.Y.Y
Life safety association: 4608000 kilobytes / 86400 seconds
Answering machine-only (Y/N): N
PFS (Y/N): N
Transform sets = {}
VPN - SET: {esp-3des esp-sha-hmac},.
}
Interfaces using crypto card VPN:
Serial0/0/0.1

Thanks in advance

No, you don't have source your ping to the LAN interface.

In Ro1: Source of ping 192.168.2.254 192.168.1.3

OR / of Ro2: source ping 192.168.1.3 192.168.2.254

Tags: Cisco Security

Similar Questions

Problem with IPsec VPN between ASA and router Cisco - ping is not response

Hello

I don't know because the IPsec VPN does not work. This is my setup (IPsec VPN between ASA and R2):

my network topology data:

LAN 1 connect ASA - 1 (inside the LAN)

PC - 10.0.1.3 255.255.255.0 10.0.1.1

ASA - GigabitEthernet 1: 10.0.1.1 255.255.255.0

-----------------------------------------------------------------

ASA - 1 Connect (LAN outide) R1

ASA - GigabitEthernet 0: 172.30.1.2 255.255.255.252

R1 - FastEthernet 0/0: 172.30.1.1 255.255.255.252

---------------------------------------------------------------------

R1 R2 to connect

R1 - FastEthernet 0/1: 172.30.2.1 255.255.255.252

R2 - FastEthernet 0/1: 172.30.2.2 255.255.255.252

R2 for lan connection 2

--------------------------------------------------------------------

R2 to connect LAN2

R2 - FastEthernet 0/0: 10.0.2.1 255.255.255.0

PC - 10.0.2.3 255.255.255.0 10.0.2.1

ASA configuration:

1 GigabitEthernet interface
nameif inside
security-level 100
IP 10.0.1.1 255.255.255.0
no downtime
interface GigabitEthernet 0
nameif outside
security-level 0
IP 172.30.1.2 255.255.255.252
no downtime
Route outside 0.0.0.0 0.0.0.0 172.30.1.1

------------------------------------------------------------

access-list scope LAN1 to LAN2 ip 10.0.1.0 allow 255.255.255.0 10.0.2.0 255.255.255.0
object obj LAN
subnet 10.0.1.0 255.255.255.0
object obj remote network
10.0.2.0 subnet 255.255.255.0
NAT (inside, outside) 1 static source obj-local obj-local destination obj-remote control remote obj non-proxy-arp static

-----------------------------------------------------------
IKEv1 crypto policy 10
preshared authentication
aes encryption
sha hash
Group 2
life 3600
Crypto ikev1 allow outside
crypto isakmp identity address

------------------------------------------------------------
tunnel-group 172.30.2.2 type ipsec-l2l
tunnel-group 172.30.2.2 ipsec-attributes
IKEv1 pre-shared-key cisco123
Crypto ipsec transform-set esp-aes-192 ASA1TS, esp-sha-hmac ikev1

-------------------------------------------------------------
card crypto ASA1VPN 10 is the LAN1 to LAN2 address
card crypto ASA1VPN 10 set peer 172.30.2.2
card crypto ASA1VPN 10 set transform-set ASA1TS ikev1
card crypto ASA1VPN set 10 security-association life seconds 3600
ASA1VPN interface card crypto outside

R2 configuration:

interface fastEthernet 0/0
IP 10.0.2.1 255.255.255.0
no downtime
interface fastEthernet 0/1
IP 172.30.2.2 255.255.255.252
no downtime

-----------------------------------------------------

router RIP
version 2
Network 10.0.2.0
network 172.30.2.0

------------------------------------------------------
access-list 102 permit ahp 172.30.1.2 host 172.30.2.2
access-list 102 permit esp 172.30.1.2 host 172.30.2.2
access-list 102 permit udp host 172.30.1.2 host 172.30.2.2 eq isakmp
interface fastEthernet 0/1
IP access-group 102 to

------------------------------------------------------
crypto ISAKMP policy 110
preshared authentication
aes encryption
sha hash
Group 2
life 42300

------------------------------------------------------
ISAKMP crypto key cisco123 address 172.30.1.2

-----------------------------------------------------
Crypto ipsec transform-set esp - aes 128 R2TS

------------------------------------------------------

access-list 101 permit tcp 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255

------------------------------------------------------

R2VPN 10 ipsec-isakmp crypto map
match address 101
defined by peer 172.30.1.2
PFS Group1 Set
R2TS transformation game
86400 seconds, life of security association set
interface fastEthernet 0/1
card crypto R2VPN

I don't know what the problem

Thank you

If the RIP is not absolutely necessary for you, try adding the default route to R2:

IP route 0.0.0.0 0.0.0.0 172.16.2.1

If you want to use RIP much, add permissions ACL 102:

access-list 102 permit udp any any eq 520

LAN to lan vpn between ASA and router 7200

Hi friends,

I need to configure the lan to lan between ASA vpn (remote location) and router 7200 (on our network).

<7200 router="" (ip="" add:="" 10.10.5.2)="">-(Internet) -<(IP add:="" 192.168.12.2)="" asa(5510)="">---192.135.5.0/24 network

I will have the following configuration:

7200 router:

crypto ISAKMP policy 80

the enc

AUTH pre-shared

Group 1

life 3600

ISAKMP crypto key cisco123 address 192.168.12.2

Cryto ipsec transform-set esp - esp-md5-hmac VPNtrans

map VPNTunnel 80 ipsec-isakmp crypto

defined by peer 192.168.12.2

game of transformation-VPNtrans

match address 110

int fa0/0

IP add 10.10.5.2 255.255.255.192

IP virtual-reassembly

no ip route cache

Speed 100

full duplex

card crypto VPNTunnel

access-list 110 permit ip any 192.135.5.0 0.0.0.255

ASA:

int e0/0

nameif inside

security-level 100

192.135.5.254 Add IP 255.255.255.0

int e0/1

nameif outside

security-level 0

IP add 192.168.12.2 255.255.255.240

access-list ACL extended ip 192.135.5.0 allow 255.255.255.0 any

Route outside 0.0.0.0 0.0.0.0.0 192.168.12.3 1

"pre-shared key auth" ISAKMP policy 10

ISAKMP policy 10-enc

ISAKMP policy 10 md5 hash

10 1 ISAKMP policy group

ISAKMP duration strategy of life 10-3600

Crypto ipsec transform-set esp - esp-md5-hmac VPNtran

card crypto VPN 10 matches the ACL address

card crypto VPN 10 set peer 10.10.5.2

card crypto VPN 10 the transform-set VPNtran value

tunnel-group 10.10.5.2 type ipsec-l2l

IPSec-attributes of type tunnel-group 10.10.5.2

cisco123 pre-shared key

card crypto VPN outside interface

ISAKMP allows outside

dhcpd address 192.135.5.1 - 192.135.5.250 inside

dhcpd dns 172.15.4.5 172.15.4.6

dhcpd wins 172.15.76.5 172.15.74.5

dhcpd lease 14400

dhcpd ping_timeout 500

dhcpd allow inside

Please check the configuration, please correct me if I missed something. I'm in a critical situation at the moment...

Please advise...

Thank you very much...

Where it fails at the present time?

Can you share out of after trying to establish the VPN tunnel:

See the isa scream his

See the ipsec scream his

Please also run the following debug to see where it is a failure:

debugging cry isa

debugging ipsec cry

VPN between ASA and router

Hi all

First of all, I would like to say I'm trying to implement this on Packet trace. I would like to set up a VPN using an ASA 5505 and a Cisco router 1841 (both available on Packet trace).

The devices can ping external IP address on the other.

The problem is that the VPN is not established. If I run sh crypto control its isakmp on the SAA, he said: there are no SAs IKEv1

Configurations for both devices are attached.

No idea why it doesn't work? Sorry if it is not the right forum for this, is the first time I post. I've searched the forums and I checked some of the proposed solutions, but I have not found the answer to my problem :-(

Thanks in advance,

Patty
1. On the router, there is no crypto card. Need in a manner consistent with the SAA.
2. Your policy of phase 1 is not compatible. They settings must match on both sides (router: 3des, ASA: aes)
3. You can adjust your NAT on both devices that tunnel traffic does not get teeth. Remember that NAT is made prior to IPsec. If you do not exempt NAT traffic, then it will not match the ACL crypto more after NAT.
4. Yes, the forum is perfectly fine! ;-)

VPN on Cisco 1841 router

Hello

I need to configure the vpn site to site on router cisco 1841, but the problem is that the router does not recognize the crypto comand.

R1 #conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1 (config) #crypto?
% Unrecognized command
R1 (config) #crypto?
% Unrecognized command
R1 (config) #c?
call call-history-mib id-carrier cdp
chat script class-card clock SNC
config-register connect plan control configuration

R1 (config) #crypto isakmp policy 1

^
Invalid entry % detected at ' ^' marker.

R1 #sh worm
Cisco IOS Software, 1841 (C1841-IPBASE-M), Version 12.4 (1 c), RELEASE SOFTWARE (fc1)
Technical support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Updated Wednesday 25 October 05 17:10 by evmiller

ROM: System Bootstrap, Version 12.3 T9 (8r), RELEASE SOFTWARE (fc1)

the availability of CS-Khatlon-opio-01 is 2 days, 23 hours, 13 minutes
System returned to ROM of charging at 16:07:44 TJK Friday, November 7, 2014
System image file is "flash: c1841-ipbase - mz.124 - 1C.bin.

Cisco 1841 (revision 6.0) with 114688K / 16384K bytes of memory.
Card processor ID FCZ102110NQ
2 FastEthernet interfaces
Configuration of DRAM is 64 bits wide with disabled parity.
191K bytes of NVRAM memory.
31360K bytes of ATA CompactFlash (read/write)

Configuration register is 0 x 3922

Please help, how to set up vpn?

Hello

According to this output is more than clear that you do not have a k9 license applied to this router, this license will enable the security features on your IOS, in this case, you will need a permit of k9 with an activation key, and then you will be able to have available on your device encryption controls. Once you have that we can work on configuring site to site.

Do not forget to rate!

David Castro,

Kind regards

Need some advice about the VPN between local Cisco router and remote Watchguard

Hi all

I am configuring a Cisco 887 to VPN router to a device of watchguard at the remote site.

From what I understand, the VPN tunnel is in PLACE. I can ping to the remote server on the 192.168.110.0 of the network, but whenever I try to navigate to it on the local server, it wouldn't work.

I ping the remote server via the IP address on the local server, but not on the Cisco router. Is - will this work as expected?

--------------------------------------------------------------------------------------

R5Router #sh crypto isakmp his

IPv4 Crypto ISAKMP Security Association

DST CBC conn-State id

110.142.127.237 122.3.112.10 QM_IDLE 2045 ACTIVE

IPv6 Crypto ISAKMP Security Association

--------------------------------------------------------------------------------------

R5Router #sh encryption session

Current state of the session crypto

Interface: Virtual-Access2

The session state: down

Peer: 122.3.112.10 port 500

FLOW IPSEC: allowed ip 192.168.0.0/255.255.255.0 192.168.110.0/255.255.255.0

Active sAs: 0, origin: card crypto

FLOW IPSEC: allowed 1 192.168.0.0/255.255.255.0 192.168.110.0/255.255.255.0

Active sAs: 0, origin: card crypto

FLOW IPSEC: allowed 6 192.168.0.0/255.255.255.0 192.168.110.0/255.255.255.0

Active sAs: 0, origin: card crypto

FLOW IPSEC: allowed ip host 122.3.112.10 192.168.0.0/255.255.255.0

Active sAs: 0, origin: card crypto

Interface: Dialer0

The session state: UP-ACTIVE

Peer: 122.3.112.10 port 500

IKEv1 SA: local 110.142.127.237/500 remote 122.3.112.10/500 Active

FLOW IPSEC: allowed ip 192.168.0.0/255.255.255.0 192.168.110.0/255.255.255.0

Active sAs: 2, origin: card crypto

FLOW IPSEC: allowed 1 192.168.0.0/255.255.255.0 192.168.110.0/255.255.255.0

Active sAs: 0, origin: card crypto

FLOW IPSEC: allowed 6 192.168.0.0/255.255.255.0 192.168.110.0/255.255.255.0

Active sAs: 0, origin: card crypto

FLOW IPSEC: allowed ip host 122.3.112.10 192.168.0.0/255.255.255.0

Active sAs: 0, origin: card crypto

Crypto ACL 102, should really include only 1 line, that is to say:

10 permit ip 192.168.0.0 0.0.0.255 192.168.110.0 0.0.0.255

and you should have the image mirror on the remote end ACL line too.

PLS, remove the remaining lines on 102 ACL ACL.

I guess that the ACL 101 is NAT exemption, if it is pls include "deny ip 192.168.0.0 0.0.0.255 192.168.110.0 0.0.0.255" on top of your current line "license".

Clear the tunnels as well as the NAT translation table after the changes described above.

Private of IPSec VPN-private network between ASA and router

Hello community,

This is first time for me to configure IPSec VPN between ASA and router. I have an ASA 5540 at Headquarters and 877 router to EH Branch

Headquarters ASA summary.

Peer IP: 111.111.111.111

Local network: 10.0.0.0

Branch

Peer IP: 123.123.123.123

LAN: 192.168.1.0/24

Please can someone help me set up the vpn.

Hello

This guide covers exactly what you need:

Establishment of ASDM and SDM - http://www.netcraftsmen.net/resources/archived-articles/273.html

Tunnel VPN - ASA to the router configuration:

http://www.Cisco.com/en/us/products/ps5855/products_configuration_example09186a0080a9a7a3.shtml#ASDM

Kind regards

Jimmy

Troubleshooting IPSec Site to Site VPN between ASA and 1841

Hi all

in the past I've implemented several VPN connections between the devices of the SAA. So I thought a site link between an ASA site and 1841 would be easier... But it seems I was mistaken.

I configured a VPN Site to Site, as it has been described in the Document ID: SDM 110198: IPsec Site to Site VPN between ASA/PIX and an example of IOS Router Configuration (I have not used SDM but CCP).

I have run the wizards on the ASA with ASDM and the current IOS version 15.1 1841, with CCP.

It seems to Phase 1 and 2 are coming although my ASA in ADSM reports (monitoring > VPN > VPN statistics > Sessions) a tunnel established with some of the Tx traffic but 0 Rx traffic),

On the ASA:

Output of the command: "sh crypto ipsec its peer 217.xx.yy.zz.

address of the peers: 217.86.154.120
Crypto map tag: VPN-OUTSIDE, seq num: 2, local addr: 62.aa.bb.cc

access extensive list ip 192.168.37.0 outside_2_cryptomap_1 allow 255.255.255.0 172.20.2.0 255.255.255.0
local ident (addr, mask, prot, port): (LAN-A/255.255.255.0/0/0)
Remote ident (addr, mask, prot, port): (LAN-G/255.255.255.0/0/0)
current_peer: 217.xx.yy.zz

#pkts program: 400, #pkts encrypt: 400, #pkts digest: 400
#pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 400, comp #pkts failed: 0, #pkts Dang failed: 0
success #frag before: 0, failures before #frag: 0, #fragments created: 0
Sent #PMTUs: 0, #PMTUs rcvd: 0, reassembly: 20th century / of frgs #decapsulated: 0
#send errors: 0, #recv errors: 0

local crypto endpt. : 62.aa.bb.cc, remote Start crypto. : 217.xx.yy.zz

Path mtu 1500, fresh ipsec generals 58, media, mtu 1500
current outbound SPI: 39135054
current inbound SPI: B2E9E500

SAS of the esp on arrival:
SPI: 0xB2E9E500 (3001672960)
transform: esp-3des esp-sha-hmac no compression
running parameters = {L2L, Tunnel, PFS 2 group}
slot: 0, id_conn: 100327424, crypto-map: VPN-OUTSIDE
calendar of his: service life remaining (KB/s) key: (4374000/1598)
Size IV: 8 bytes
support for replay detection: Y
Anti-replay bitmap:
0x00000000 0x00000001
outgoing esp sas:
SPI: 0 x 39135054 (957567060)
transform: esp-3des esp-sha-hmac no compression
running parameters = {L2L, Tunnel, PFS 2 group}
slot: 0, id_conn: 100327424, crypto-map: VPN-OUTSIDE
calendar of his: service life remaining (KB/s) key: (4373976/1598)
Size IV: 8 bytes
support for replay detection: Y
Anti-replay bitmap:
0x00000000 0x00000001

Output of the command: "sh crypto isakmp his."

HIS active: 4
Generate a new key SA: 0 (a tunnel report Active 1 and 1 to generate a new key during the generate a new key)
Total SA IKE: 4

IKE Peer: 217.xx.yy.zz
Type: L2L role: initiator
Generate a new key: no State: MM_ACTIVE

On the 1841

1841 crypto isakmp #sh its
IPv4 Crypto ISAKMP Security Association
DST CBC conn-State id
217.86.154.120 62.153.156.163 QM_IDLE 1002 ACTIVE

1841 crypto ipsec #sh its

Interface: Dialer1
Tag crypto map: SDM_CMAP_1, local addr 217.86.154.120

protégé of the vrf: (none)
local ident (addr, mask, prot, port): (172.20.2.0/255.255.255.0/0/0)
Remote ident (addr, mask, prot, port): (192.168.37.0/255.255.255.0/0/0)
current_peer 62.153.156.163 port 500
LICENCE, flags is {origin_is_acl},
#pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
#pkts decaps: 585, #pkts decrypt: 585, #pkts check: 585
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, #pkts compr. has failed: 0
#pkts not unpacked: 0, #pkts decompress failed: 0
Errors #send 0, #recv 0 errors

local crypto endpt. : 217.86.154.120, remote Start crypto. : 62.153.156.163
Path mtu 1452, ip mtu 1452, ip mtu BID Dialer1
current outbound SPI: 0xB2E9E500 (3001672960)
PFS (Y/N): Y, Diffie-Hellman group: group2

SAS of the esp on arrival:
SPI: 0 x 39135054 (957567060)
transform: esp-3des esp-sha-hmac.
running parameters = {Tunnel}
Conn ID: 2003, flow_id: FPGA:3, sibling_flags 80000046, card crypto: SDM_CMAP_1
calendar of his: service life remaining (k/s) key: (4505068/1306)
Size IV: 8 bytes
support for replay detection: Y
Status: ACTIVE

the arrival ah sas:

SAS of the CFP on arrival:

outgoing esp sas:
SPI: 0xB2E9E500 (3001672960)
transform: esp-3des esp-sha-hmac.
running parameters = {Tunnel}
Conn ID: 2004, flow_id: FPGA:4, sibling_flags 80000046, card crypto: SDM_CMAP_1
calendar of his: service life remaining (k/s) key: (4505118/1306)
Size IV: 8 bytes
support for replay detection: Y
Status: ACTIVE

outgoing ah sas:

outgoing CFP sas:

Interface: virtual Network1
Tag crypto map: SDM_CMAP_1, local addr 217.86.154.120

protégé of the vrf: (none)
local ident (addr, mask, prot, port): (172.20.2.0/255.255.255.0/0/0)
Remote ident (addr, mask, prot, port): (192.168.37.0/255.255.255.0/0/0)
current_peer 62.153.156.163 port 500
LICENCE, flags is {origin_is_acl},
#pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
#pkts decaps: 585, #pkts decrypt: 585, #pkts check: 585
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, #pkts compr. has failed: 0
#pkts not unpacked: 0, #pkts decompress failed: 0
Errors #send 0, #recv 0 errors

local crypto endpt. : 217.86.154.120, remote Start crypto. : 62.153.156.163
Path mtu 1452, ip mtu 1452, ip mtu BID Dialer1
current outbound SPI: 0xB2E9E500 (3001672960)
PFS (Y/N): Y, Diffie-Hellman group: group2

SAS of the esp on arrival:
SPI: 0 x 39135054 (957567060)
transform: esp-3des esp-sha-hmac.
running parameters = {Tunnel}
Conn ID: 2003, flow_id: FPGA:3, sibling_flags 80000046, card crypto: SDM_CMAP_1
calendar of his: service life remaining (k/s) key: (4505068/1306)
Size IV: 8 bytes
support for replay detection: Y
Status: ACTIVE

the arrival ah sas:

SAS of the CFP on arrival:

outgoing esp sas:
SPI: 0xB2E9E500 (3001672960)
transform: esp-3des esp-sha-hmac.
running parameters = {Tunnel}
Conn ID: 2004, flow_id: FPGA:4, sibling_flags 80000046, card crypto: SDM_CMAP_1
calendar of his: service life remaining (k/s) key: (4505118/1306)
Size IV: 8 bytes
support for replay detection: Y
Status: ACTIVE

outgoing ah sas:

outgoing CFP sas:

It seems that the routing on the 1841 is working properly as I can tear down the tunnel and relaunch in scathing a host on the network of 1841, but not vice versa.

Trounleshoot VPN of the 1841 report shows a message like "the following sources are forwarded through the interface card crypto. (172.20.2.0 1) go to "Configure-> routing" and correct the routing table.

I have not found an error on the 1841 config so if one of the guys reading this thread has an idea I appreciate highly suspicion!

It's the running of the 1841 configuration

!
version 15.1
horodateurs service debug datetime msec
Log service timestamps datetime msec
encryption password service
!
host name 1841
!
boot-start-marker
start the system flash c1841-adventerprisek9 - mz.151 - 1.T.bin
boot-end-marker
!
logging buffered 51200 notifications
!
AAA new-model
!
!
AAA authentication login default local
!
AAA - the id of the joint session
!
iomem 20 memory size
clock timezone PCTime 1
PCTime of summer time clock day March 30, 2003 02:00 October 26, 2003 03:00
dot11 syslog
IP source-route
!
No dhcp use connected vrf ip
!
IP cef
no ip bootp Server
IP domain name test
name of the IP-server 194.25.2.129
name of the IP-server 194.25.2.130
name of the IP-server 194.25.2.131
name of the IP-server 194.25.2.132
name of the IP-server 194.25.2.133
No ipv6 cef
!
Authenticated MultiLink bundle-name Panel
!
!
object-group network phone
VoIP phone description
Home 172.20.2.50
Home 172.20.2.51
!
redundancy
!
!
controller LAN 0/0/0
atm mode
Annex symmetrical shdsl DSL-mode B
!
!
crypto ISAKMP policy 1
BA 3des
preshared authentication
Group 2
isakmp encryption key * address 62.aa.bb.cc
!
!
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
!
map SDM_CMAP_1 1 ipsec-isakmp crypto
Description Tunnel to62.aa.bb.cc
the value of 62.aa.bb.cc peer
game of transformation-ESP-3DES-SHA
PFS group2 Set
match address 100
!
!
!
interface FastEthernet0/0
DMZ description $ FW_OUTSIDE$
10.10.10.254 IP address 255.255.255.0
IP nat inside
IP virtual-reassembly
automatic duplex
automatic speed
!
interface FastEthernet0/1
Description $ETH - LAN$ $FW_INSIDE$
IP 172.20.2.254 255.255.255.0
IP access-group 100 to
IP nat inside
IP virtual-reassembly
IP tcp adjust-mss 1412
automatic duplex
automatic speed
!
ATM0/0/0 interface
no ip address
No atm ilmi-keepalive
!
point-to-point interface ATM0/0/0.1
PVC 1/32
PPPoE-client dial-pool-number 1
!
!
interface Dialer1
Description $FW_OUTSIDE$
the negotiated IP address
IP mtu 1452
NAT outside IP
IP virtual-reassembly
encapsulation ppp
Dialer pool 1
Dialer-Group 2
PPP authentication chap callin pap
PPP chap hostname xxxxxxx
PPP chap password 7 xxxxxxx8
PPP pap sent-name of user password xxxxxxx xxxxxxx 7
map SDM_CMAP_1 crypto
!
IP forward-Protocol ND
IP http server
local IP http authentication
IP http secure server
!
!
The dns server IP
IP nat inside source static tcp 10.10.10.1 808 interface Dialer1 80
IP nat inside source static tcp 10.10.10.1 25 25 Dialer1 interface
IP nat inside source overload map route SDM_RMAP_1 interface Dialer1
IP nat inside source overload map route SDM_RMAP_2 interface Dialer1
IP route 0.0.0.0 0.0.0.0 Dialer1 permanent
!
logging trap notifications
Note category of access list 1 = 2 CCP_ACL
access-list 1 permit 172.20.2.0 0.0.0.255
Note access-list category 2 CCP_ACL = 2
access-list 2 allow 10.10.10.0 0.0.0.255
Note access-list 100 category CCP_ACL = 4
Note access-list 100 IPSec rule
access-list 100 permit ip 172.20.2.0 0.0.0.255 192.168.37.0 0.0.0.255
Note CCP_ACL the access list 101 = 2 category
Note access-list 101 IPSec rule
access-list 101 deny ip 172.20.2.0 0.0.0.255 192.168.37.0 0.0.0.255
access-list 101 permit ip 172.20.2.0 0.0.0.255 any
Note access-list 102 CCP_ACL category = 2
Note access-list 102 IPSec rule
access-list 102 deny ip 172.20.2.0 0.0.0.255 192.168.37.0 0.0.0.255
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
!

!
allowed SDM_RMAP_1 1 route map
corresponds to the IP 101
!
allowed SDM_RMAP_2 1 route map
corresponds to the IP 102
!
!
control plan
!
!
Line con 0
line to 0
line vty 0 4
length 0
transport input telnet ssh
!
Scheduler allocate 20000 1000
NTP-Calendar Update
NTP 172.20.2.250 Server prefer
end

As I mentioned previously: suspicion is much appreciated!

Best regards

Joerg

Joerg,

ASA receives not all VPN packages because IOS does not send anything.

Try to send packets to the 1841 LAN to LAN of the ASA and see is the "sh cry ips its" on the 1841 increments the encrypted packets (there not)

The problem seems so on the side of the router.

I think that is a routing problem, but you only have one default gateway (no other channels on the router).

The ACL 100 is set to encrypt the traffic between the two subnets.

It seems that the ACL 101 is also bypassing NAT for VPN traffic.

Follow these steps:

Try running traffic of LAN router inside IP (source of ping 192.168.37.x 172.20.2.254) and see if the packages are not through the translation and obtaining encrypted.

I would also like to delete 100 ACL from the inside interface on the router because it is used for the VPN. You can create an another ACL to apply to the interface.

Federico.

VPN between 2 routers Cisco 1841 (LAN to LAN)

Hello

I need to connect two offices (two different LAN) using routers cisco 1841 at both ends.

Currently the two cisco router are in working condition and refer the internet LAN clients. (making the NAT).

Can someone please tell us what is the easiest way to set up a VPN between two sites, so that LAN users to an office to access mail servers electronic/request to the office LAN.

I understand that I need IPSec Site to Site VPN (I think).

Anyonce can you please advise.

Kind regards.
```
s.nasheet wrote:
Hi ,
I need to connect two offices ( two different LAN's) together using cisco 1841 routers at both end.
Currently both cisco router are in working order and  acting as a internet gateway to the LAN clients. ( doing NAT).
Can anybody please advise what is the easiest method to configure VPN between two sites so that  LAN users at one office be able to access  the  email/application servers at the other LAN office.
I understand I need IPSec Site to Site VPN  ( i think).
Can anyonce please advise.
Regards.
```
Yes, you need a VPN site-to site. Start with this link which gives a number of examples to set up a VPN S2S between 2 routers Cisco.

http://www.Cisco.com/en/us/Tech/tk583/TK372/tech_configuration_examples_list.html#anchor16

Jon

PPTP VPN between clients Windows and Cisco 2921 router

Hi all!

I have a problem with PPTP VPN between Windows clients and router Cisco 2921 with permission of RADIUS (IAS). When I try to connect to Cisco 2921 of Windows 7 by using MS-CHAP v2 I get the message 778: it was not possible to verify the identity of the server. Can I use PAP - power is OK. On Windows XP, the same situation.

Cisco config:

version 15.0

horodateurs service debug datetime msec

Log service timestamps datetime msec

encryption password service

!

hostname gw.izmv

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

AAA new-model

!

AAA authentication ppp default local radius group of

!

AAA - the id of the joint session

!

clock timezone + 002 2

!

No ipv6 cef

IP source-route

IP cef

!

!

Authenticated MultiLink bundle-name Panel

!

Async-bootp Server dns 192.168.192.XX

VPDN enable

!

VPDN-Group 1

! PPTP by default VPDN group

accept-dialin

Pptp Protocol

virtual-model 1

echo tunnel PPTP 10

tunnel L2TP non-session timeout 15

PMTU IP

adjusting IP mtu

!

redundancy

!

interface Loopback0

IP 192.168.207.1 255.255.255.0

!

!

interface GigabitEthernet0/0

Description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE $ 0/0

IP 192.168.192.XXX 255.255.255.0

IP 192.168.192.XX 255.255.255.0 secondary

IP nat inside

IP virtual-reassembly

automatic duplex

automatic speed

!

!

interface GigabitEthernet0/1

no ip address

Shutdown

automatic duplex

automatic speed

!

!

interface GigabitEthernet0/2

Description - Inet-

no ip address

NAT outside IP

IP virtual-reassembly

automatic duplex

automatic speed

PPPoE enable global group

PPPoE-client dial-pool-number 1

No cdp enable

!

!

interface virtual-Template1

IP unnumbered Loopback0

IP mtu 1492

IP virtual-reassembly

AutoDetect encapsulation ppp

by default PPP peer ip address pool

PPP mppe auto encryption required

PPP authentication ms-chap-v2

!

!

interface Dialer1

the negotiated IP address

NAT outside IP

IP virtual-reassembly

encapsulation ppp

Dialer pool 1

Dialer-Group 1

PPP authentication pap callin

PPP pap sent-username DSLUSERNAME password DSLPASSWORD

No cdp enable

!

!

IP local pool PPP 192.168.207.200 192.168.207.250

IP forward-Protocol ND

!

!

overload of IP nat inside source list NAT_ACL interface Dialer1

IP nat inside source static tcp 192.168.192.XX 25 expandable 25 82.XXX.XXX.XXX

IP nat inside source static tcp 192.168.192.XX 1352 82.XXX.XXX.XXX 1352 extensible

IP route 0.0.0.0 0.0.0.0 Dialer1

!

NAT_ACL extended IP access list

deny ip 192.168.192.0 0.0.0.255 192.168.YYY.0 0.0.0.255

deny ip 192.168.192.0 0.0.0.255 192.168.YYY.0 0.0.0.255

deny ip 192.168.192.0 0.0.0.255 192.168.YYY.0 0.0.0.255

deny ip 192.168.192.0 0.0.0.255 192.168.YYY.0 0.0.0.255

permit tcp 192.168.192.0 0.0.0.255 any eq www

permit tcp 192.168.192.0 0.0.0.255 any eq 443

permit tcp 192.168.192.0 0.0.0.255 any eq 1352

permit tcp host 192.168.192.XX no matter what eq smtp

permit tcp 192.168.192.0 0.0.0.255 any eq 22

permit tcp host 192.168.192.XX no matter what eq field

permit tcp host 192.168.192.XX no matter what eq field

permit tcp host 192.168.192.XX no matter what eq field

allowed UDP host 192.168.192.XX matter what eq field

allowed UDP host 192.168.192.XX matter what eq field

allowed UDP host 192.168.192.XX matter what eq field

!

host 192.168.192.XX auth-port 1645 1646 RADIUS server acct-port

Server RADIUS IASKEY key

!

control plan

!

!

!

Line con 0

line to 0

line vty 0 4

line vty 5 15

!

Scheduler allocate 20000 1000

end

Debugging is followed:

14:47:51.755 on 21 oct: PPP: Alloc context [294C7BC4]

14:47:51.755 on 21 oct: ppp98 PPP: Phase is

14:47:51.755 on 21 oct: ppp98 PPP: using AAA Id Unique = 8 b

14:47:51.755 on 21 oct: ppp98 PPP: permission NOT required

14:47:51.755 on 21 oct: ppp98 PPP: via vpn, set the direction of the call

14:47:51.755 on 21 oct: ppp98 PPP: treatment of connection as a callin

14:47:51.755 on 21 oct: ppp98 PPP: Session Session handle [62] id [98]

14:47:51.755 on 21 oct: ppp98 TPIF: State of the event [OPEN] [initial check]

14:47:51.755 on 21 oct: ppp98 PPP LCP: switch to passive mode, State [stopped]

14:47:53.759 on 21 oct: ppp98 PPP LCP: exit passive mode, State [departure]

14:47:53.759 on 21 oct: LCP ppp98: O CONFREQ [departure] id 1 len 19

14:47:53.759 on 21 oct: ppp98 TPIF: MRU 1464 (0x010405B8)

14:47:53.759 on 21 oct: ppp98 TPIF: AuthProto MS-CHAP-V2 (0x0305C22381)

14:47:53.759 on 21 oct: ppp98 TPIF: MagicNumber 0xF018D237 (0x0506F018D237)

14:47:53.759 on 21 oct: ppp98 TPIF: event [UP] State [departure at REQsent]

14:47:54.351 on 21 oct: ppp98 TPIF: I CONFREQ [REQsent] id 0 len 18

14:47:54.351 on 21 oct: ppp98 TPIF: MRU 1400 (0 x 01040578)

14:47:54.351 on 21 oct: ppp98 TPIF: MagicNumber 0x2F7C5F7E (0x05062F7C5F7E)

14:47:54.351 on 21 oct: ppp98 TPIF: PFC (0 x 0702)

14:47:54.351 on 21 oct: ppp98 TPIF: RAC (0 x 0802)

14:47:54.351 on 21 oct: LCP ppp98: O CONFNAK [REQsent] id 0 len 8

14:47:54.351 on 21 oct: ppp98 TPIF: MRU 1464 (0x010405B8)

14:47:54.351 on 21 oct: ppp98 TPIF: State of the event [receive ConfReq-] [REQsent to REQsent]

14:47:54.751 on 21 oct: ppp98 TPIF: I CONFACK [REQsent] id 1 len 19

14:47:54.751 on 21 oct: ppp98 TPIF: MRU 1464 (0x010405B8)

14:47:54.751 on 21 oct: ppp98 TPIF: AuthProto MS-CHAP-V2 (0x0305C22381)

14:47:54.751 on 21 oct: ppp98 TPIF: MagicNumber 0xF018D237 (0x0506F018D237)

14:47:54.751 on 21 oct: ppp98 TPIF: State of the event [receive ConfAck] [REQsent to ACKrcvd]

14:47:54.915 on 21 oct: ppp98 TPIF: I CONFREQ [ACKrcvd] id 1 len 18

14:47:54.915 on 21 oct: ppp98 TPIF: MRU 1400 (0 x 01040578)

14:47:54.915 on 21 oct: ppp98 TPIF: MagicNumber 0x2F7C5F7E (0x05062F7C5F7E)

14:47:54.915 on 21 oct: ppp98 TPIF: PFC (0 x 0702)

14:47:54.915 on 21 oct: ppp98 TPIF: RAC (0 x 0802)

14:47:54.915 on 21 oct: LCP ppp98: O CONFNAK [ACKrcvd] id 1 len 8

14:47:54.915 on 21 oct: ppp98 TPIF: MRU 1464 (0x010405B8)

14:47:54.915 on 21 oct: ppp98 TPIF: State of the event [receive ConfReq-] [ACKrcvd to ACKrcvd]

14:47:55.275 on 21 oct: ppp98 TPIF: I CONFREQ [ACKrcvd] id 2 len 18

14:47:55.275 on 21 oct: ppp98 TPIF: MRU 1464 (0x010405B8)

14:47:55.275 on 21 oct: ppp98 TPIF: MagicNumber 0x2F7C5F7E (0x05062F7C5F7E)

14:47:55.275 on 21 oct: ppp98 TPIF: PFC (0 x 0702)

14:47:55.275 on 21 oct: ppp98 TPIF: RAC (0 x 0802)

14:47:55.275 on 21 oct: LCP ppp98: O CONFACK [ACKrcvd] id 2 len 18

14:47:55.275 on 21 oct: ppp98 TPIF: MRU 1464 (0x010405B8)

14:47:55.275 on 21 oct: ppp98 TPIF: MagicNumber 0x2F7C5F7E (0x05062F7C5F7E)

14:47:55.275 on 21 oct: ppp98 TPIF: PFC (0 x 0702)

14:47:55.275 on 21 oct: ppp98 TPIF: RAC (0 x 0802)

14:47:55.275 on 21 oct: ppp98 TPIF: State of the event [receive ConfReq +] [ACKrcvd to open]

14:47:55.295 on 21 oct: ppp98 PPP: Phase is AUTHENTICATING,

14:47:55.295 on 21 oct: ppp98 MS-CHAP-V2: O CHALLENGE id 1 len 28 of 'gw.izmv '.

14:47:55.295 on 21 oct: ppp98 TPIF: State is open

14:47:55.583 on 21 oct: ppp98 MS-CHAP-V2: I ANSWER id 1 len 71 of "domain\username".

14:47:55.583 on 21 oct: ppp98 PPP: Phase TRANSFER, tempting with impatience

14:47:55.583 on 21 oct: ppp98 PPP: Phase is AUTHENTICATING, unauthenticated user

14:47:55.587 on 21 oct: ppp98 PPP: request sent MSCHAP_V2 LOGIN

14:47:55.591 on 21 oct: ppp98 PPP: received LOGIN response PASS

14:47:55.591 on 21 oct: ppp98 PPP AUTHOR: author data NOT available

14:47:55.591 on 21 oct: ppp98 PPP: Phase TRANSFER, tempting with impatience

14:47:55.595 on 21 oct: Vi3 PPP: Phase is AUTHENTICATING, authenticated user

14:47:55.595 on 21 oct: Vi3: given msg No. MS_CHAP_V2

14:47:55.595 on 21 oct: Vi3 MS-CHAP-V2: SUCCESS O id 1 len 46 msg is "tG @ #QDD @(@B@ (@[email protected]/ ** / @I @:[email protected]/ ** / @@@ EJFDE)).

14:47:55.595 on 21 oct: Vi3 PPP: Phase is in PLACE

14:47:55.595 on 21 oct: Vi3 CPIW: protocol configured, start state cf. [original]

14:47:55.595 on 21 oct: Vi3 CPIW: State of the event [OPEN] [Initial report on startup]

14:47:55.595 on 21 oct: Vi3 CPIW: O CONFREQ [departure] id 1 len 10

14:47:55.595 on 21 oct: Vi3 CPIW: address of 192.168.207.1 (0x0306C0A8CF01)

14:47:55.595 on 21 oct: Vi3 CPIW: event [UP] State [begins to REQsent]

14:47:55.595 on 21 oct: Vi3 CCP: protocol configured, start state cf. [original]

14:47:55.595 on 21 oct: Vi3 CCP: State of the event [OPEN] [Initial report on startup]

14:47:55.595 on 21 oct: Vi3 CCP: O CONFREQ [departure] id 1 len 10

14:47:55.595 on 21 oct: Vi3 CCP: MS - PPC supported bits 0 x 01000060 (0 x 120601000060)

14:47:55.595 on 21 oct: Vi3 CCP: event [UP] State [begins to REQsent]

14:47:55.599 on 21 oct: % LINK-3-UPDOWN: Interface virtual-access.3, changed State to

14:47:55.603 on 21 oct: % LINEPROTO-5-UPDOWN: Line protocol on Interface virtual-access.3, changed State to

14:47:56.027 on 21 oct: Vi3 LCP: I have TERMREQ [open] id 3 len 16

14:47:56.027 on 21 oct: Vi3 LCP: (0x2F7C5F7E003CCD740000030A)

14:47:56.027 on 21 oct: Vi3 CPIW: event [BOTTOM] State [REQsent on startup]

14:47:56.027 on 21 oct: Vi3 CPIW: State of event [CLOSE] [begins with initial]

14:47:56.027 on 21 oct: Vi3 CCP: event [BOTTOM] State [REQsent on startup]

14:47:56.027 on 21 oct: Vi3 PPP DISC: MPPE required not negotiated

14:47:56.027 on 21 oct: Vi3 PPP: sending Acct event [low] id [8B]

14:47:56.027 on 21 oct: Vi3 CCP: State of event [CLOSE] [start with initial]

14:47:56.027 on 21 oct: Vi3 LCP: O TERMACK [open] id 3 len 4

14:47:56.027 on 21 oct: Vi3 LCP: event [receive TermReq] State [Open to stop]

14:47:56.027 on 21 oct: Vi3 PPP: Phase ENDS

14:47:56.027 on 21 oct: Vi3 LCP: event [CLOSE] [off status of closing]

14:47:56.675 on 21 oct: Vi3 PPP: block vaccess to be released [0x10]

14:47:56.675 on 21 oct: Vi3 LCP: event [CLOSE] State [closing closing]

14:47:56.679 on 21 oct: Vi3 LCP: event [BOTTOM] State [closing on Initial]

14:47:56.679 on 21 oct: Vi3 PPP: compensation AAA Id Unique = 8 b

14:47:56.679 on 21 oct: Vi3 PPP: unlocked by [0x10] always locked by 0 x [0]

14:47:56.679 on 21 oct: Vi3 PPP: free previously blocked vaccess

14:47:56.679 on 21 oct: Vi3 PPP: Phase is BROKEN

14:47:56.679 on 21 oct: % LINK-3-UPDOWN: Interface virtual-access.3, changed State to down

14:47:56.683 on 21 oct: % LINEPROTO-5-UPDOWN: Line protocol on Interface virtual-access.3, state change downstairs

I'll be very grateful for any useful suggestions

We had the same problem using MS-CHAP-V2 and 3945 router using IOS 15.2. When you add the same combination of username/password locally it worked fine but it wasn't no of course of the solution. We have solved this problem by adding the following line in the config file:

AAA authorization network default authenticated if

This is because Windows 2000 clients require the use of a statement of authorization aaa in the router config. Maybe it was default (and therefore not shown) previous iOS releases.

Success!

Wil Schenkeveld

How to share files and printers between windows xp desktop that is connected to a wireless router with a laptop running windows 7. printer is connected to the desktop computer

Hi all. I normally wouldn't have a problem with that, but I must be missing something. I want to create a home network or small business between my desktop running windows xp pro sp3 and my laptop running windows 7 Home premium. I want to share files and printers. My desktop with windows xp computer is connected to a wireless router. The printer is connected to my desktop as well. My laptop is wireless with the wireless router. I tried everything I can think of to get these two devices to the network. If anyone can help. Don't forget, my printer is connected to my desktop with windows xp and is connected to my wireless router which is connected to my cable modem. Internet works fine. the laptop with windows 7's wireless and internet works fine. just impossible to get the two see each other or share what anyone. Thank you.

With respect to the sharing of printer (s), microsoft has a utility called 'Print Migrator'

Download & install, create copy, send a copy to the other pc to share its use.

Routing over VPN between ISA550W and RV215W

Hello all I have a problem with the VPN between my two office

I have an ISA550W at the head office (chcnorth)

I have a RV215W to the remote desktop (chcsouth)

the VPN is up and running, I can connect from Headquarters to remote control (chcsouth-RV215W)

and vice versa however when client computers on the remote end are trying to connect to the

Main office to access the database, they can't.

the problem started last week I received a call from the remote desktop that they can connect to our database

on the main office, I tried to connect remotely to see what was going on, it turns out that the router has completely put back

at the plant, including the firmware

I reinstalled the latest firmware for the RV215W of installation all connections as they were, I could

get VPN to connect, I can ping to the interface of the RV215W from my seat and I ping the ISA550W

the remote desktop, however my remote clients still cannot access my server at the main office

I realized after I have everything set up, I had a backup of my original installation and thinking I had

just missed something I restored it to the firmware to factory upgraded to power and restored the backup of the

RV215W I've had. still no dice

So I am now at a loss, there were no other changes to the network on both ends, I've been on this som my eyes several times

are blurred,

any ideas, workarounds for solutions would be greatly appreciated

Thanks in advance

John G

John,

It doesn't look like your question is more DNS related, as you can access the server by its IP address if the "connection" allows you to set up this way. It is quite common, that you cannot resolve names through the tunnel because netbios broadcasts will not pass. The RV215W have shared DNS within the parameters of the tunnel, so this isn't an option more.

If the "connection" is a PC, you can work around this by editing the LMHOSTS file. Please see the following instructions:

http://www.JakeLudington.com/Windows_7/20100924_how_to_edit_windows_7_lmhosts_file.html

In your case, it might look more at:

192.168.1.200 sqlsvr

Now if you ping or try to access sqlsvr from the computer, it will automatically know that it should go to 192.168.1.200 without having to find the IP address.

Answer please if you have any questions.

-Marty

How to use Layer 2 Ports on the Cisco 1841 router switch

Hello

I use the Cisco 1841 router with a single port layer 3 Fe0 and 8 Ports switched.

I gave the IP on the Fe0 port which is connected to another router.

Now I don't know how to use Layer 2 of the router switch ports.

I tried to make one of the port as a Port of access by switchport mode access and connected my laptop and the same subnet given IP, but I can't ping my Fe0 IP port and vice versa, as I am also unable to ping my laptop router.

Can someone explain to me how to use these ports on layer 2?

Hi Muhammadatifmasood, take a look at the link below, I'm sure that you will find it useful.

https://supportforums.Cisco.com/discussion/10919631/how-enable-routing-b...

BenSamayoa

Client VPN Cisco ASA 5505 Cisco 1841 router

Hello. I'm doing a connection during a cisco vpn client and a vpn on one server asa 5505 behind a 1841 router (internet adsl2 + and NAT router).

My topology is almost as follows

customer - tunnel - 1841 - ASA - PC

ASA is the endpoint vpn (outside interface) device. I forward udp port 500 and 4500 on my router to the ASA and the tunnel rises. I exempt nat'ting on the asa and the router to the IP in dhcp vpn pool. I can connect to my tunnel but I can't "see" anything in the internal network. I allowed all traffic from the outside inwards buy from the ip vpn pool and I still send packets through the tunnel and I get nothing. I take a look at the statistics on the vpn client and I 2597 bytes (ping traffic) and there are no bytes. Any idea?

Where you you logged in when you took the "crypto ipsec to show his"? If this isn't the case then try again, also this option allows IPSEC over UDP 4500 and it is disabled, enable it.

ISAKMP nat-traversal crypto

Just enter the command as it is, then try to connect again after activation of this option and get the same result to see the.

VPN problem - "C1712 behind router Linksys ' connection to PIX515e

Hi all

I have a question about VPN (lan-to-lan).

My setup is the following:

10.1.20.x-[PIX515e_central site VPN concetrator]-(( ISP ))-[LINKSYS BEFSX41 router]-[Cisco1712_branch] - 192.168.14.x

I would like to create tunnel VPN between C1712 and PIX515 (lan-to-lan), so users of 192.168.14.x would be able to connect to servers located on a central site in network 10.1.20.x.

NAT - T is manually enabled on PIX and 'IPsec passtrough' is enabled on the Linksys router. Then what should I do now to create a VPN tunnel?

What is the basic C1712 and PIX515e configuration to make it work?

All other industries (8) work, but they are directly connected to the internet via C1712, so without router Linksys in front of him. Thus, PIX is already properly configured for this configuration.

I guess that the installer with Linksys router does not work because of PAT.

6.3 (4) version PIX

C1712 Version 12.4

Please advise!

Thank you very much in advance!

This line is incorrect on the router configuration:

IP nat inside source list 6 interface FastEthernet0 overload

Please, remove it and have her take:

overload of IP nat inside source list 101 interface FastEthernet0

Hope that solves this problem.

VPN between 2 1841 router using a connection HDSL

Similar Questions

Maybe you are looking for