Cisco 2600 VPN point to point problem.

PiotrIr Member Posts: 236
Hi all,

I’m trying to set up a point-to-point VPN between a Cisco 2600 router and a PIX 501. I know the PIX 501 quite well, so I’m sure it is set up correctly. However, the Cisco 2600 is black magic for me.....

I found some documents with advanced configurations but, following the steps, wasn’t able to establish the tunnel. Could you help me and give me a link with a basic setup, please? I need something very clear which will be suitable for my Cisco router knowledge.

Many thanks.

Comments

  • PiotrIr Member Posts: 236
    Many thanks for your reply. Here is the config:

    Building configuration...

    Current configuration : 1745 bytes
    !
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    enable password xxxxxxx
    !
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    no aaa new-model
    ip subnet-zero
    ip cef
    !
    !
    ip dhcp excluded-address 10.10.11.1
    !
    ip dhcp pool pool1
    network 10.10.11.0 255.255.255.0
    dns-server 208.67.222.222
    default-router 10.10.11.1
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !

    crypto isakmp policy 10
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key abc address x.x.x.x
    crypto isakmp keepalive 12
    !
    !
    crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac
    !
    !
    crypto map s4second local-address FastEthernet0/0
    crypto map s4second 2 ipsec-isakmp
    set peer x.x.x.x
    set transform-set 3DES-MD5
    match address 110
    !
    !
    !
    !
    interface FastEthernet0/0
    description WAN IP Address
    ip address dhcp
    ip nat outside
    speed auto
    half-duplex
    crypto map s4second
    !
    interface FastEthernet0/1
    description LAN GATEWAY
    ip address 10.10.11.1 255.255.255.0
    ip nat inside
    speed auto
    half-duplex
    !
    ip nat inside source list 5 interface FastEthernet0/0 overload
    ip http server
    no ip http secure-server
    no ip classless
    !
    !
    access-list 5 permit 10.10.11.0 0.0.0.255
    access-list 110 permit ip 10.10.11.0 0.0.0.255 192.168.231.0 0.0.0.255
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password xxxxxxxx
    login
    !
    !
    end
  • wastedtime Member Posts: 586
    I'm just going to take a stab at this. It looks like you may be NATing your VPN traffic. Make sure you exclude your VPN traffic from the NAT traffic. Also, I would double/triple check that you have phase one and two the same on both devices. Other than that, I would just check your debugs/show commands, which are listed in this link along with a NAT example.
    Configuring IPSec Router-to-Router with NAT Overload and Cisco Secure VPN Client - Cisco Systems
  • PiotrIr Member Posts: 236
    It is working :)

    Many thanks for your help, this link is exactly what I was looking for.

    Once again, many thanks.
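
The NAT exemption suggested in the reply above, applied to the posted configuration. This is an added example, not configuration from the thread or from the linked Cisco document; ACL number 105 is an assumption, and every other name and address comes from the posted config.

```cisco
! Added example. ACL 105 is an assumed, unused extended ACL number.
!
! As posted: NAT ACL 5 matches every packet sourced from the LAN, so
! traffic to 192.168.231.0/24 is translated to the FastEthernet0/0
! address before the crypto map is checked and no longer matches
! crypto ACL 110.
!   access-list 5 permit 10.10.11.0 0.0.0.255
!   ip nat inside source list 5 interface FastEthernet0/0 overload
!
! If removing the NAT rule is refused because translations are in use,
! run "clear ip nat translation *" from exec mode first.
!
! Corrected: deny the tunnel flow in the NAT ACL, overload the rest.
no ip nat inside source list 5 interface FastEthernet0/0 overload
no access-list 5
access-list 105 deny   ip 10.10.11.0 0.0.0.255 192.168.231.0 0.0.0.255
access-list 105 permit ip 10.10.11.0 0.0.0.255 any
ip nat inside source list 105 interface FastEthernet0/0 overload
!
! Crypto ACL stays as posted; the peer's ACL must be its mirror image
! (192.168.231.0/24 as source, 10.10.11.0/24 as destination).
access-list 110 permit ip 10.10.11.0 0.0.0.255 192.168.231.0 0.0.0.255
!
! Checks from exec mode after sending traffic to 192.168.231.0/24:
!   show ip nat translations   no entries toward 192.168.231.x
!   show crypto isakmp sa      phase 1 SA in state QM_IDLE
!   show crypto ipsec sa       encaps and decaps counters both rising
```

The ISAKMP and IPsec proposals are left as posted (MD5, 3DES, Diffie-Hellman group 2) so that both peers still match; all three are weak by current standards and are worth upgrading on both ends where the hardware supports it.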