Zindros
Member since: 2009-11-17 10:59:54 | posted: 2009-11-17 11:01:46

vpn setup
----------

I am trying to set up a site-to-site VPN. Site A router is 79.129.63.208, site B router is 213.249.2.6. The server 10.0.0.50 at site A should exchange data with network 10.10.33.0/24 at site B.

The tunnel is not established. I get the state "MM_NO_STATE".

Below is the configuration for site A (only important code). Is the deny ACL correct? Server and network at the other end belong to different subnets.

Any suggestions?

!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
crypto isakmp key 3mph@s1s3ld1k0 address 213.249.2.6
!
!
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec df-bit clear
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to 213.249.2.6
 set peer 213.249.2.6
 set transform-set ESP-DES-MD5
 match address 104
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface ATM0
 no ip address
 no snmp trap link-status
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description Connection to firewall
 ip address 10.0.0.100 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1352
 no ip mroute-cache
!
interface Dialer1
 mtu 1392
 bandwidth 1024
 ip address 79.129.63.208 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname zaskar@otenet.gr
 ppp chap password 0 p3668z1
 ppp pap sent-username zaskar@otenet.gr password 0 p3668z1
 crypto map SDM_CMAP_1
!
interface Dialer0
 ip address 194.219.211.144 255.255.255.0
 shutdown
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 10.0.0.50 3389 interface Dialer1 3389
ip nat inside source static udp 10.0.0.50 1000 interface Dialer1 1000
ip nat inside source static 192.168.0.10 interface Dialer1
ip nat inside source static tcp 192.168.0.10 25 interface Dialer1 25
ip nat inside source static tcp 192.168.0.10 110 interface Dialer1 110
ip nat inside source static tcp 192.168.0.10 21 interface Dialer1 21
ip nat inside source static tcp 192.168.0.10 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.10 1723 interface Dialer1 1723
ip nat inside source static tcp 192.168.0.1 23 interface Dialer1 23
ip nat inside source static tcp 10.0.0.50 3724 interface Dialer1 3724
ip nat inside source static tcp 10.0.0.50 22001 interface Dialer1 22001
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
!
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
access-list 104 deny ip host 10.0.0.50 10.10.33.0 0.0.0.255
access-list 104 permit ip 10.0.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
route-map SDM_RMAP_1 permit 1
 match ip address 104
 set ip next-hop 213.249.2.6
!
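
An added example, not part of the original post: a small evaluator showing how ACL 104 classifies traffic in each of the two roles the configuration gives it (crypto map "match address" and the NAT route-map SDM_RMAP_1). ACL 105, the two destination addresses and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed input: ACL 104 copied from the post; ACL 105 is a hypothetical
# crypto-only ACL added here for comparison (not in the original config).
CONFIG = """\
access-list 104 deny ip host 10.0.0.50 10.10.33.0 0.0.0.255
access-list 104 permit ip 10.0.0.0 0.0.0.255 any
access-list 105 permit ip host 10.0.0.50 10.10.33.0 0.0.0.255
"""

def _take(tokens):
    """Consume one IOS address spec (any | host A | A WILDCARD)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # Invert the wildcard mask to get a netmask (contiguous wildcards only).
    wild = int(ipaddress.ip_address(tokens[1]))
    mask = ipaddress.ip_address(0xFFFFFFFF ^ wild)
    return ipaddress.ip_network(f"{tokens[0]}/{mask}"), tokens[2:]

def parse_acl(config, number):
    """Return [(action, src_net, dst_net)] for the 'ip' entries of one numbered ACL."""
    entries = []
    for line in config.splitlines():
        t = line.split()
        if len(t) > 4 and t[:2] == ["access-list", str(number)] and t[3] == "ip":
            src, rest = _take(t[4:])
            dst, _ = _take(rest)
            entries.append((t[2], src, dst))
    return entries

def acl_action(entries, src, dst):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in entries:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def classify(config, crypto_acl, nat_acl, src, dst):
    """Crypto map ACL: permit = protect with IPsec. NAT route-map ACL: permit = translate."""
    return {
        "encrypted": acl_action(parse_acl(config, crypto_acl), src, dst) == "permit",
        "natted": acl_action(parse_acl(config, nat_acl), src, dst) == "permit",
    }

if __name__ == "__main__":
    for crypto_acl in (104, 105):
        for dst in ("10.10.33.10", "198.51.100.7"):  # constructed destinations
            print(crypto_acl, dst, classify(CONFIG, crypto_acl, 104, "10.0.0.50", dst))
```

With ACL 104 in both roles, traffic from 10.0.0.50 to 10.10.33.0/24 is exempt from NAT but is also not selected for IPsec, while Internet-bound traffic from 10.0.0.0/24 is selected for both.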