AchillesP
asked on
Cisco VPN Tunnel drops when no traffic pass
Cisco VPN Tunnel drops when no traffic pass on my cisco 2801. What my problem can be?
ASKER
This is my running config. Do you see any error?
!This is the running config of the router: 192.168.2.11
!-------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco2801
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$B4SQ$Bc3dc8NV5nyqatpsHm
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name Philippopoulos
ip name-server 194.219.227.2
ip name-server 193.92.150.3
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-4001756307
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-4001756307
!
!
crypto pki certificate chain TP-self-signed-4001756307
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34303031 37353633 3037301E 170D3036 30353034 31353537
34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30303137
35363330 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B86D 601AF86A 0BA1546B ECD7A7E6 E93E85A9 389F8336 509DCC54 C04668F0
A5525FBE 76546EF6 2589A782 D83958FD 19A8FBF7 098F2194 7431BD60 869C0540
F6BBFD58 4E36E83A 90AF1BB7 047365DD 0E823842 0AC29479 A3DEBBDD B6C5E9DD
9BA66001 32C07A5B 43E2D2DA E4F2500D 79E07DBF 75EE6BCB 8A769156 9ACEA4E4
EBC10203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 149521C0 55DB421A CBCDB520 580E7548 53745F21
1E301D06 03551D0E 04160414 9521C055 DB421ACB CDB52058 0E754853 745F211E
300D0609 2A864886 F70D0101 04050003 81810065 996A7569 F38EF13E C92BD8B2
904D7DA9 1103EF0C 44474E5A 0CC49D63 238F3060 6CA15CE2 B159DF1F 00A12125
D80D6F68 CC3E6051 AE49C78E C02E7CA3 59B22802 E3BBBB4B 1B826855 94B6275A
8D4B0594 DAE8E408 A5538E0F 9C19A44E 3F3755B1 A0092867 65EA385F 02BFA424
B94BB10E 44036932 B2FC3CD8 12B38A6A 999A62
quit
username xxxxxxx privilege 15 secret 5 $1$03SC$hz4cXHG4h8Lw0nODio
!
!
class-map match-any SDMVoice-Dialer1
match protocol rtp audio
class-map match-any SDMTrans-Dialer1
match protocol citrix
match protocol finger
match protocol notes
match protocol novadigm
match protocol pcanywhere
match protocol secure-telnet
match protocol sqlnet
match protocol sqlserver
match protocol ssh
match protocol telnet
match protocol xwindows
class-map match-any SDMScave-Dialer1
match protocol napster
match protocol fasttrack
match protocol gnutella
class-map match-any SDMBulk-Dialer1
match protocol exchange
match protocol ftp
match protocol irc
match protocol nntp
match protocol pop3
match protocol printer
match protocol secure-ftp
match protocol secure-irc
match protocol secure-nntp
match protocol secure-pop3
match protocol smtp
match protocol tftp
class-map match-any SDMRout-Dialer1
match protocol bgp
match protocol egp
match protocol eigrp
match protocol ospf
match protocol rip
match protocol rsvp
class-map match-any SDMSignal-Dialer1
match protocol h323
match protocol rtcp
class-map match-any SDMManage-Dialer1
match protocol dhcp
match protocol dns
match protocol imap
match protocol kerberos
match protocol ldap
match protocol secure-imap
match protocol secure-ldap
match protocol snmp
match protocol socks
match protocol syslog
class-map match-any SDMIVideo-Dialer1
match protocol rtp video
class-map match-any SDMSVideo-Dialer1
match protocol cuseeme
match protocol netshow
match protocol rtsp
match protocol streamwork
match protocol vdolive
!
!
policy-map SDM-Pol-Dialer1
class SDMSignal-Dialer1
bandwidth remaining percent 40
set dscp cs3
compress header ip tcp
class SDMRout-Dialer1
bandwidth remaining percent 3
set dscp cs6
class SDMTrans-Dialer1
bandwidth remaining percent 33
set dscp af21
class SDMVoice-Dialer1
priority percent 70
set dscp ef
compress header ip
class SDMManage-Dialer1
bandwidth remaining percent 3
set dscp cs2
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxxxxx address 193.92.x.x 255.255.x.x
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to Thessaloniki
set peer 193.92.x.x
set transform-set ESP-3DES-SHA
match address 100
qos pre-classify
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description Athens LAN$ES_LAN$$ETH-LAN$$ETH-S
ip address 192.168.2.11 255.255.255.0
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
no mop enabled
!
interface ATM0/1/0
description Forthnet 1024 VPN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0/2/0
description Forthnet 1024 VPN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0/3/0
description Forthnet 1024 Internet
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 3
!
!
interface Dialer1
description Forthnet VPN$FW_INSIDE$
ip address 193.92.x.x 255.255.x.x
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp reliable-link
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
crypto map SDM_CMAP_1
service-policy output SDM-Pol-Dialer1
hold-queue 224 in
!
interface Dialer3
description Forthnet Internet$FW_OUTSIDE$
ip address 193.92.x.x 255.255.x.x
ip access-group 102 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 3
dialer-group 3
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer3 permanent
ip route 192.168.0.0 255.255.255.0 Dialer1 permanent
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface Dialer3 overload
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit udp host 193.92.150.3 eq domain any
access-list 102 permit udp host 194.219.227.2 eq domain any
access-list 102 deny ip 192.168.2.0 0.0.0.255 any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
no cdp run
!
!
control-plane
!
banner login ^CCCCCCCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
!This is the running config of the router: 192.168.2.11
!-------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco2801
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$B4SQ$Bc3dc8NV5nyqatpsHm
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name Philippopoulos
ip name-server 194.219.227.2
ip name-server 193.92.150.3
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-4001756307
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-4001756307
!
!
crypto pki certificate chain TP-self-signed-4001756307
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34303031 37353633 3037301E 170D3036 30353034 31353537
34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30303137
35363330 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B86D 601AF86A 0BA1546B ECD7A7E6 E93E85A9 389F8336 509DCC54 C04668F0
A5525FBE 76546EF6 2589A782 D83958FD 19A8FBF7 098F2194 7431BD60 869C0540
F6BBFD58 4E36E83A 90AF1BB7 047365DD 0E823842 0AC29479 A3DEBBDD B6C5E9DD
9BA66001 32C07A5B 43E2D2DA E4F2500D 79E07DBF 75EE6BCB 8A769156 9ACEA4E4
EBC10203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 149521C0 55DB421A CBCDB520 580E7548 53745F21
1E301D06 03551D0E 04160414 9521C055 DB421ACB CDB52058 0E754853 745F211E
300D0609 2A864886 F70D0101 04050003 81810065 996A7569 F38EF13E C92BD8B2
904D7DA9 1103EF0C 44474E5A 0CC49D63 238F3060 6CA15CE2 B159DF1F 00A12125
D80D6F68 CC3E6051 AE49C78E C02E7CA3 59B22802 E3BBBB4B 1B826855 94B6275A
8D4B0594 DAE8E408 A5538E0F 9C19A44E 3F3755B1 A0092867 65EA385F 02BFA424
B94BB10E 44036932 B2FC3CD8 12B38A6A 999A62
quit
username xxxxxxx privilege 15 secret 5 $1$03SC$hz4cXHG4h8Lw0nODio
!
!
class-map match-any SDMVoice-Dialer1
match protocol rtp audio
class-map match-any SDMTrans-Dialer1
match protocol citrix
match protocol finger
match protocol notes
match protocol novadigm
match protocol pcanywhere
match protocol secure-telnet
match protocol sqlnet
match protocol sqlserver
match protocol ssh
match protocol telnet
match protocol xwindows
class-map match-any SDMScave-Dialer1
match protocol napster
match protocol fasttrack
match protocol gnutella
class-map match-any SDMBulk-Dialer1
match protocol exchange
match protocol ftp
match protocol irc
match protocol nntp
match protocol pop3
match protocol printer
match protocol secure-ftp
match protocol secure-irc
match protocol secure-nntp
match protocol secure-pop3
match protocol smtp
match protocol tftp
class-map match-any SDMRout-Dialer1
match protocol bgp
match protocol egp
match protocol eigrp
match protocol ospf
match protocol rip
match protocol rsvp
class-map match-any SDMSignal-Dialer1
match protocol h323
match protocol rtcp
class-map match-any SDMManage-Dialer1
match protocol dhcp
match protocol dns
match protocol imap
match protocol kerberos
match protocol ldap
match protocol secure-imap
match protocol secure-ldap
match protocol snmp
match protocol socks
match protocol syslog
class-map match-any SDMIVideo-Dialer1
match protocol rtp video
class-map match-any SDMSVideo-Dialer1
match protocol cuseeme
match protocol netshow
match protocol rtsp
match protocol streamwork
match protocol vdolive
!
!
policy-map SDM-Pol-Dialer1
class SDMSignal-Dialer1
bandwidth remaining percent 40
set dscp cs3
compress header ip tcp
class SDMRout-Dialer1
bandwidth remaining percent 3
set dscp cs6
class SDMTrans-Dialer1
bandwidth remaining percent 33
set dscp af21
class SDMVoice-Dialer1
priority percent 70
set dscp ef
compress header ip
class SDMManage-Dialer1
bandwidth remaining percent 3
set dscp cs2
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxxxxx address 193.92.x.x 255.255.x.x
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to Thessaloniki
set peer 193.92.x.x
set transform-set ESP-3DES-SHA
match address 100
qos pre-classify
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description Athens LAN$ES_LAN$$ETH-LAN$$ETH-S
ip address 192.168.2.11 255.255.255.0
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
no mop enabled
!
interface ATM0/1/0
description Forthnet 1024 VPN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0/2/0
description Forthnet 1024 VPN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0/3/0
description Forthnet 1024 Internet
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 3
!
!
interface Dialer1
description Forthnet VPN$FW_INSIDE$
ip address 193.92.x.x 255.255.x.x
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp reliable-link
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
crypto map SDM_CMAP_1
service-policy output SDM-Pol-Dialer1
hold-queue 224 in
!
interface Dialer3
description Forthnet Internet$FW_OUTSIDE$
ip address 193.92.x.x 255.255.x.x
ip access-group 102 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 3
dialer-group 3
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer3 permanent
ip route 192.168.0.0 255.255.255.0 Dialer1 permanent
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface Dialer3 overload
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit udp host 193.92.150.3 eq domain any
access-list 102 permit udp host 194.219.227.2 eq domain any
access-list 102 deny ip 192.168.2.0 0.0.0.255 any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
no cdp run
!
!
control-plane
!
banner login ^CCCCCCCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
Looks like you also need a separate route statement for your VPN peer if you want all traffic to go out the 2nd dsl line:
>set peer 193.92.x.x
Add:
ip route 193.92.x.x 255.255.255.255 Dialer1
You don't really need this one:
>ip route 192.168.0.0 255.255.255.0 Dialer1 permanent
>set peer 193.92.x.x
Add:
ip route 193.92.x.x 255.255.255.255 Dialer1
You don't really need this one:
>ip route 192.168.0.0 255.255.255.0 Dialer1 permanent
ASKER
>set peer 193.92.x.x (I HAVE IT ALREADY)
Add:
ip route 193.92.x.x 255.255.255.255 Dialer1 (I ADD IT)
You don't really need this one:
>ip route 192.168.0.0 255.255.255.0 Dialer1 permanent (IF I DELETE THIS ROUTE I CAN NOT PING THE OTHER SIDE)
Add:
ip route 193.92.x.x 255.255.255.255 Dialer1 (I ADD IT)
You don't really need this one:
>ip route 192.168.0.0 255.255.255.0 Dialer1 permanent (IF I DELETE THIS ROUTE I CAN NOT PING THE OTHER SIDE)
OK, so if you keep the route to 192.168.0.0, does the tunnel come up and work correctly?
What is status of "show cry is sa"
What is status of "show cry is sa"
ASKER
Yes if i keep the route 192.168.0.0 the tunnel work.
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
193.92.43.9 193.92.43.10 QM_IDLE 1001 0 ACTIVE
IPv6 Crypto ISAKMP SA
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
193.92.43.9 193.92.43.10 QM_IDLE 1001 0 ACTIVE
IPv6 Crypto ISAKMP SA
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
So, if the tunnel is working and automatically comes back up whenever there is traffic to pass, then what is the issue? As I said, it is working as designed.
ASKER
It was a problem of cisco 2801 rommon. I did the update and now the tunnel never drops. Thanks.
This is working as designed.