Help configuring Site to Site VPN between Cisco 871 and 3000 Concentrator

Having problems with IPsec VPN tunnel.  The tunnel is up (Concentrator Sessions):
Bytes TX=0 but Bytes RX=848  

Which may possibly be a nat issue on the 800 series router? (Config is below)

*****OUTPUT FROM CONCENTRATOR*****
Connection Name IP Address Protocol Encryption Login Time Duration Bytes Tx Bytes Rx

TEST TUNNEL 98.98.98.98 IPSec/LAN-to-LAN 3DES-168 Apr 07 15:01:04 0:01:15 0 848

IKE Sessions: 1
IPSec Sessions: 1
 
IKE Session  
Session ID 1  Encryption Algorithm 3DES-168  
Hashing Algorithm MD5  Diffie-Hellman Group Group 2 (1024-bit)  
Authentication Mode Pre-Shared Keys  IKE Negotiation Mode Main  
Rekey Time Interval 86400 seconds  
IPSec Session  
Session ID 2  Remote Address 172.20.100.0/0.0.0.255  
Local Address 10.0.0.0/0.31.255.255  Encryption Algorithm 3DES-168  
Hashing Algorithm MD5  Encapsulation Mode Tunnel  
PFS Group 2  Rekey Time Interval 28800 seconds  
Rekey Data Interval 4608000 KBytes  
Bytes Received 848  Bytes Transmitted 0

*****ROUTER CONFIG*****
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$N0CS$fSSjC9FRdi9ecuSjcn9sH.
enable password 7 06021F351D195E4F
!
no aaa new-model
!
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip domain name mydomain.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username adminuser privilege 15 secret 5 $1$AZTH$LHDH2KSkF0wpLm2RORd0I.
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key password address 99.99.99.99
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!
crypto map outside_map 1 ipsec-isakmp
 set peer  99.99.99.99
 set transform-set ESP-3DES-MD5
 set pfs group2
 match address 110
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2

interface FastEthernet3
!
interface FastEthernet4
 ip address 98.98.98.98 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map outside_map
!
interface Vlan1
 ip address 172.20.100.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map nonat interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 98.98.98.1
!
access-list 110 permit ip 172.20.100.0 0.0.0.255 10.0.0.0 0.31.255.255
access-list 120 deny   ip 172.20.100.0 0.0.0.255 10.0.0.0 0.31.255.255
access-list 120 permit ip 172.20.100.0 0.0.0.255 any
!
!
!
!
route-map nonat permit 10
 match ip address 120
!
!
control-plane
!
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 access-class 1 in
 exec-timeout 30 0
 privilege level 15
 logging synchronous
 login local
 terminal-type mon
 transport preferred ssh
 transport input ssh
!
end
drreimAsked:
Who is Participating?
 
drreimConnect With a Mentor Author Commented:
There was nothing wrong with this configuration.  I had an incorrect route in the core switch. Once i changed it it was passing traffic both ways.
0
 
kavinagpurCommented:
Can u send me a running configuration of both router?
Have u Static IP for both Router, I will Give u simple way if u want
0
All Courses

From novice to tech pro — start learning today.