  • No traffic through VPN

    I have set up an IPsec VPN between a SonicWall and my ADSL Cisco 877.

    The VPN comes up immediately but I can't seem to be able to pass traffic in either direction, ping or otherwise.

    Every port is open on the Sonic, from any Zone to VPN and vice versa, so I have the sneaky suspicion that my Cisco box isn't configured properly.

    Maybe someone here has an idea. Here is the relevant config:

    Code:
    password encryption aes
    !
    
    crypto isakmp policy 5
     encr 3des
     authentication pre-share
     group 2
     lifetime 28800
    crypto isakmp key 6 xxx address xx.xxx.xxx.xx
    !
    !
    crypto ipsec transform-set STRONG esp-3des esp-sha-hmac 
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
    !
    crypto map SDM_CMAP_1 1 ipsec-isakmp 
     description Tunnel to xx.xxx.xxx.xx
     set peer xx.xxx.xxx.xx
     set transform-set ESP-3DES-SHA
     match address 100
    !
    
    interface Dialer0
     bandwidth inherit
     ip address negotiated
     no ip redirects
     no ip unreachables
     ip nat outside
     ip virtual-reassembly
     dialer pool 1
     dialer-group 1
     crypto map SDM_CMAP_1
     ip rtp header-compression iphc-format
    !
    ip nat inside source static tcp 192.168.13.240 3389 interface Dialer0 3389
    ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
    !
    logging 192.168.13.240
    access-list 1 permit 192.168.13.0 0.0.0.255
    access-list 23 permit yy.yyy.yyy.yyy
    access-list 23 permit tt.ttt.tt.ttt
    access-list 23 permit uu.uu.uuu.uu
    access-list 23 permit qq.qqq.qq.qq
    access-list 23 permit xx.xxx.xxx.xx
    access-list 23 permit ee.eee.eee.ee
    access-list 23 permit 192.168.13.0 0.0.0.255
    access-list 100 remark Traffic via VPN
    access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.9.0 0.0.0.255
    access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.10.0 0.0.1.255
    access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.4.0 0.0.0.255
    access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.16.0 0.0.15.255
    access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.32.0 0.0.15.255
    access-list 102 remark Traffic via ADSL
    access-list 102 deny   ip 192.168.13.0 0.0.0.255 192.168.9.0 0.0.0.255
    access-list 102 deny   ip 192.168.13.0 0.0.0.255 192.168.10.0 0.0.1.255
    access-list 102 deny   ip 192.168.13.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 102 deny   ip 192.168.13.0 0.0.0.255 192.168.4.0 0.0.0.255
    access-list 102 deny   ip 192.168.13.0 0.0.0.255 192.168.16.0 0.0.15.255
    access-list 102 deny   ip 192.168.13.0 0.0.0.255 192.168.32.0 0.0.15.255
    access-list 102 permit ip 192.168.13.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    !
    !
    route-map SDM_RMAP_1 permit 1
     match ip address 102
    !
    Any help is appreciated.

  • #2
    Re: No traffic through VPN

    I can't quite tell:

    Do you have ACLs permitting access both ways on both sides?

    Like, it's one thing to have an ACL allowing traffic from, say, 192.168.1.0 to 192.168.2.0,

    but if traffic isn't also allowed from 192.168.2.0 to 192.168.1.0, it's not going to be able to return...


    • #3
      Re: No traffic through VPN

      Originally posted by tehcamel:
      I can't quite tell:

      Do you have ACLs permitting access both ways on both sides?

      Like, it's one thing to have an ACL allowing traffic from, say, 192.168.1.0 to 192.168.2.0,

      but if traffic isn't also allowed from 192.168.2.0 to 192.168.1.0, it's not going to be able to return...
      The remote site runs a SonicWall and it is configured to allow any port from and to the VPN.

      Now I actually noticed that any PC connected to the Cisco can ping the private interface of the SonicWall, and the remote site can ping any station behind the Cisco, but I cannot, say, RDP to it etc.

      The only ACLs configured are the ones on the Cisco. Now I am a newbie on Cisco stuff, so I am not sure if and what is missing.



      • #4
        Re: No traffic through VPN

        You say it's connected, right?
        And when you do a show crypto isakmp sa, it shows the tunnel active?
        And if you do a sh crypto ipsec sa, you see all the networks listed in your access list?

        If that's the case, then it may be a no-NAT issue.

        Also, if your Cisco 877 has the GUI, it should have the VPN config wizard. Launch that; it's very easy to use.

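The no-NAT check Will points at, as an added example that is not part of the original thread or anyone's posted config: a small Python script that pulls the crypto map's `match address` ACL and the NAT route-map's `match ip address` ACL out of an IOS config and reports every crypto-ACL pair that the route-map would still translate. On IOS, inside-to-outside NAT runs before the crypto map is consulted, so a pair that is in the crypto ACL but not denied in the NAT ACL gets its source rewritten to the Dialer0 address, no longer matches the crypto ACL, and is forwarded in the clear instead of through the tunnel. The config text embedded in the script is constructed for the example (the poster's ACL 100 and ACL 102 with the 192.168.4.0/24 deny deliberately left out of ACL 102, plus an RFC 5737 documentation address as peer); the function names are my own.

```python
import ipaddress

# Constructed sample, not the poster's full config: crypto map, NAT route-map
# and the two ACLs, with ACL 102's deny for 192.168.4.0/24 left out on purpose
# so the checker has something to find. The peer is a documentation address.
SAMPLE_CONFIG = """\
crypto map SDM_CMAP_1 1 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set ESP-3DES-SHA
 match address 100
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
access-list 100 remark Traffic via VPN
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.10.0 0.0.1.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 102 remark Traffic via ADSL
access-list 102 deny   ip 192.168.13.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 deny   ip 192.168.13.0 0.0.0.255 192.168.10.0 0.0.1.255
access-list 102 deny   ip 192.168.13.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.13.0 0.0.0.255 any
!
route-map SDM_RMAP_1 permit 1
 match ip address 102
"""


def _take_addr(tokens):
    """Pop one IOS address spec off tokens: 'any', 'host A', or 'A WILDCARD'."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = tokens.pop(0)
    if wildcard == "0.0.0.0":  # 'A 0.0.0.0' is a single host in IOS
        return ipaddress.ip_network(tok + "/32")
    # ipaddress accepts a hostmask (which is what an IOS wildcard is) after '/'.
    return ipaddress.ip_network(f"{tok}/{wildcard}", strict=False)


def parse_acls(config_text):
    """Return {acl_number: [(action, src_net, dst_net), ...]} in configured
    order. Only 'ip' entries are parsed; remarks and per-protocol lines are skipped."""
    acls = {}
    for line in config_text.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[2] == "remark" or t[3] != "ip":
            continue
        rest = t[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        acls.setdefault(t[1], []).append((t[2], src, dst))
    return acls


def find_acls(config_text):
    """Return (crypto_acl, nat_acl): the ACL named by 'match address' inside the
    crypto map and the one named by 'match ip address' inside the route-map.
    Assumes a single crypto map and a single NAT route-map, as in the post."""
    crypto_acl = nat_acl = None
    section = None
    for line in config_text.splitlines():
        if not line.startswith(" "):
            section = line.split()[0] if line.split() else None
            continue
        t = line.split()
        if section == "crypto" and t[:2] == ["match", "address"]:
            crypto_acl = t[2]
        elif section == "route-map" and t[:3] == ["match", "ip", "address"]:
            nat_acl = t[3]
    return crypto_acl, nat_acl


def nat_verdict(src, dst, nat_aces):
    """First-match evaluation of the NAT route-map ACL for one src/dst pair.
    'permit' means the pair is translated; 'deny' or None (no match, i.e. the
    implicit deny) means it is exempt from NAT. Only full containment counts as
    a match; partially overlapping entries are treated as non-matching."""
    for action, asrc, adst in nat_aces:
        if src.subnet_of(asrc) and dst.subnet_of(adst):
            return action
    return None


def nat_before_crypto_gaps(config_text):
    """Crypto-ACL pairs the NAT route-map would still translate. Such traffic
    is NATted before the crypto map sees it, no longer matches the crypto ACL,
    and leaves the outside interface unencrypted instead of via the tunnel."""
    crypto_acl, nat_acl = find_acls(config_text)
    acls = parse_acls(config_text)
    nat_aces = acls.get(nat_acl, [])
    gaps = []
    for action, src, dst in acls.get(crypto_acl, []):
        if action == "permit" and nat_verdict(src, dst, nat_aces) == "permit":
            gaps.append((str(src), str(dst)))
    return gaps


if __name__ == "__main__":
    for src, dst in nat_before_crypto_gaps(SAMPLE_CONFIG):
        print(f"{src} -> {dst}: selected by crypto ACL but not exempted from NAT")
```

Paste a `show running-config` into `SAMPLE_CONFIG` (or read it from a file) and every reported pair is a destination that will be translated rather than encrypted; the fix is a matching `deny` line in the route-map ACL above its `permit ... any`, which is what "a missing line in my ACL" in post #5 amounts to. Two things the script does not cover: a static translation such as `ip nat inside source static tcp 192.168.13.240 3389 interface Dialer0 3389` carries no route-map, so it is applied regardless of ACL 102 and must be reasoned about separately; and the router only tells you the real answer in `show crypto ipsec sa`, where a pair whose `#pkts encaps` counter stays at zero while you generate traffic is being lost before encryption.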


        • #5
          Re: No traffic through VPN

          Thanks Will, but it is already sorted - I had a missing line in my ACL
