We help IT Professionals succeed at work.
Get Started
VPN Tunnel Traffic not passing
Hello,
I have a Cisco 861 router configured with a site-to-site vpn to a Linksys WRV210. The connection has worked in the passed without issue until recently. The location that has the VPN connection had other vendors come in to update other systems and I believe somehow has affected the VPN. Not fully understanding how or what it takes to troubleshoot this type of service (IPSec VPN) I loaded the 861 with a backup config. After the reload the VPN does connect but does not seem to be passing data correctly.
When I traceroute from the 861 the traffic is going through the public/WAN interface and not over the VPN tunnel.
I have not messed with the Linksys WRV210 much because it's pretty much a no brainier. However, if you feel the issue could be there I am happy to provide config and info for that device.
Cisco 861 local network: 192.168.1.0:/24
Linksys WRV210 local network: 192.168.2.0/24
Thanks for any help and let me know if you need more information to help troubleshoot this.
I have a Cisco 861 router configured with a site-to-site vpn to a Linksys WRV210. The connection has worked in the passed without issue until recently. The location that has the VPN connection had other vendors come in to update other systems and I believe somehow has affected the VPN. Not fully understanding how or what it takes to troubleshoot this type of service (IPSec VPN) I loaded the 861 with a backup config. After the reload the VPN does connect but does not seem to be passing data correctly.
When I traceroute from the 861 the traffic is going through the public/WAN interface and not over the VPN tunnel.
I have not messed with the Linksys WRV210 much because it's pretty much a no brainier. However, if you feel the issue could be there I am happy to provide config and info for that device.
Cisco 861 local network: 192.168.1.0:/24
Linksys WRV210 local network: 192.168.2.0/24
Thanks for any help and let me know if you need more information to help troubleshoot this.
!
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname santo-861
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 *REMOVED*
!
no aaa new-model
memory-size iomem 10
clock timezone PCTime -5
!
crypto pki trustpoint TP-self-signed-3248388390
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3248388390
revocation-check none
rsakeypair TP-self-signed-3248388390
!
!
crypto pki certificate chain TP-self-signed-3248388390
*REMOVED*
quit
no ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.79
ip dhcp excluded-address 192.168.1.120 192.168.1.254
!
ip dhcp pool main-pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 192.168.1.254 4.2.2.2
lease 0 12
!
!
ip cef
no ip bootp server
ip domain name *REMOVED*
ip name-server 192.168.1.254
ip name-server 4.2.2.2
!
!
license udi pid CISCO861-K9 sn FTX1337Y2C2
!
!
username *REMVOED* privilege 15 secret 5 *REMOVED*
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key *REMOVED* address *REMOVED*
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to *REMOVED*
set peer *REMOVED*
set transform-set ESP-3DES-SHA
match address VPN
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address *REMOVED* 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface Vlan1
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip default-gateway *REMOVED*
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source static tcp 192.168.1.20 2368 interface FastEthernet4 2368
ip nat inside source static tcp 192.168.1.20 61002 interface FastEthernet4 61002
ip nat inside source static tcp 192.168.1.20 61031 interface FastEthernet4 61031
ip nat inside source static udp 192.168.1.20 61031 interface FastEthernet4 61031
ip nat inside source static tcp 192.168.1.20 6320 interface FastEthernet4 6320
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.242 80 *REMOVED* 80 extendable
ip nat inside source static tcp 192.168.1.242 8080 *REMOVED* 8080 extendable
ip nat inside source static tcp 192.168.1.242 8081 *REMOVED* 8081 extendable
ip nat inside source static tcp 192.168.1.243 80 *REMOVED* 80 extendable
ip nat inside source static tcp 192.168.1.243 1159 *REMOVED* 1159 extendable
ip nat inside source static tcp 192.168.1.243 1160 *REMOVED* 1160 extendable
ip nat inside source static tcp 192.168.1.244 80 *REMOVED* 80 extendable
ip nat inside source static tcp 192.168.1.244 8080 *REMOVED* 8080 extendable
ip nat inside source static tcp 192.168.1.244 8081 *REMOVED* 8081 extendable
ip route 0.0.0.0 0.0.0.0 *REMOVED*
!
ip access-list extended VPN
remark CCP_ACL Category=4
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
logging trap debugging
access-list 1 remark CCP_ACL Category=16
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=2
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 100
!
!
control-plane
!
!
line con 0
logging synchronous
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
end
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE