I have created a site-to-site IPsec VPN with a Cisco 2610 and a Linksys RV042. Running a "show crypto isakmp sa" command I get a QM_IDLE status, and when running "show crypto ipsec sa" I see that packets are being decrypted and encrypted. Also, when running the "show ip access-lists" command, I do have matches for that connection.
The problem is that I am unable to ping hosts from one network to the other. For example, from the Cisco router in network 192.168.0.0 I am unable to ping the remote network 192.168.2.0, and vice versa.
I am not sure what is happening. Do I need to create a route to that remote network? I guess it could also be a problem with NAT or an ACL.
crypto map FirstStep 1 ipsec-isakmp
set peer 173.x.x.x
set transform-set FirstStep
set pfs group2
match address 110
ip address 192.168.0.200 255.255.255.0
ip nat inside
ip address 70.x.x.x 255.255.255.248
ip nat outside
crypto map FirstStep
ip address 192.168.10.2 255.255.255.252
ip nat inside
service-module t1 clock source internal
service-module t1 timeslots 1-24
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 70.91.x.x
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map NONAT_NAT interface FastEthernet0/1 overload
ip access-list extended nonat_nat
remark No NAT local network to remote vpn network
deny ip 192.168.0.0 0.0.255.255 192.168.2.0 0.0.0.255
remark NAT local network to Internet
permit ip 192.168.0.0 0.0.255.255 any
access-list 110 permit ip 192.168.0.0 0.0.255.255 192.168.2.0 0.0.0.255
route-map NONAT_NAT permit 1
match ip address nonat_nat
line con 0
password 7 06351B205E42001F11
line aux 0
line vty 0 3
line vty 4
password 7 00370707165702001B
ntp clock-period 17208400
ntp server 192.168.0.103
I am not sure if this matters or not, but our company has purchased several public IP addresses that we have assigned to internal devices. As you can see in the network diagram, in the 192.168.0.0 network the Cisco router has an IP address on the fa0/1 interface that connects to the modem at 70.210.x.x, while the same interface on the modem that connects to the Cisco has a private address of 10.1.10.1.
The same thing happens in the 192.168.2.0 network. Could this cause problems with other things?
I do notice that I am able to ping the internet fine from the Cisco router in the 192.168.0.0 network. However, if a PC in the same 192.168.0.0 network pings the internet, a ping packet gets lost or is not returned, resulting in a 20% loss.
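As an added worked example (not part of the original post, and not the poster's or Cisco's code), the following Python script evaluates the two ACLs from the posted config with IOS wildcard-mask semantics against a few constructed flows, so you can see which traffic the route-map exempts from NAT and which traffic the crypto map selects. It assumes the standard IOS behaviour that a route-map `permit` backed by `match ip address` means the packet is translated, and that a flow is interesting traffic for crypto map FirstStep when access-list 110 permits it. The sample addresses are constructed, not captured from the poster's network.

```python
import ipaddress

# ACL entries transcribed from the posted config (not the author's code):
# (action, source base, source wildcard, destination base, destination wildcard).
# "any" in IOS is 0.0.0.0 with wildcard 255.255.255.255.
NONAT_NAT = [
    ("deny",   "192.168.0.0", "0.0.255.255", "192.168.2.0", "0.0.0.255"),
    ("permit", "192.168.0.0", "0.0.255.255", "0.0.0.0",     "255.255.255.255"),
]
ACL_110 = [
    ("permit", "192.168.0.0", "0.0.255.255", "192.168.2.0", "0.0.0.255"),
]


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_action(acl, src, dst):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for action, sb, sw, db, dw in acl:
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action
    return "deny"


def classify_flow(src, dst):
    """What the posted config does with a packet entering an 'ip nat inside'
    interface: route-map NONAT_NAT translates whatever nonat_nat permits, and
    crypto map FirstStep encrypts whatever access-list 110 permits (assumed
    standard IOS behaviour)."""
    return {
        "nat": acl_action(NONAT_NAT, src, dst) == "permit",
        "encrypt": acl_action(ACL_110, src, dst) == "permit",
    }


def addresses_covered(wildcard):
    """Number of addresses a wildcard mask selects: one per don't-care combination."""
    return int(ipaddress.IPv4Address(wildcard)) + 1


def range_contains(base, wildcard, cidr):
    """True if every address of `cidr` is matched by base/wildcard."""
    return all(wildcard_match(str(a), base, wildcard)
               for a in ipaddress.IPv4Network(cidr))


if __name__ == "__main__":
    # Constructed sample flows, not traffic captured from the poster's network.
    for src, dst in [("192.168.0.50", "192.168.2.10"),   # LAN host to remote VPN LAN
                     ("192.168.0.50", "8.8.8.8"),        # LAN host to the Internet
                     ("192.168.10.2", "192.168.2.10")]:  # router's own inside interface
        print(f"{src:>14} -> {dst:<14} {classify_flow(src, dst)}")
    print("addresses matched by 192.168.0.0 0.0.255.255:",
          addresses_covered("0.0.255.255"))
    print("remote 192.168.2.0/24 also inside that source range:",
          range_contains("192.168.0.0", "0.0.255.255", "192.168.2.0/24"))
```

Running it shows that the NAT exemption and the crypto ACL agree with each other for LAN-to-remote-LAN traffic (no translation, encrypted) and that LAN-to-Internet traffic is translated and not encrypted, which is what the posted counters suggest. It also makes explicit that the source wildcard 0.0.255.255 selects the whole 192.168.0.0/16 (65536 addresses), so the remote 192.168.2.0/24 and the router's 192.168.10.0/30 link both fall inside the source range of access-list 110; whether the RV042 side mirrors that definition exactly is something the post does not show and is worth checking alongside the routing and NAT questions raised above.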