jtorrrres asked:

Cisco 800 series VPN Site to Site issue

Hello Experts,

Let me start out by saying that I am a beginner when it comes to Cisco security. I have managed to get a site-to-site tunnel working between my Cisco 819 ISR router and the corp router, which FYI, I do not have access to. I was provided the information needed to establish the link and was able to get it working using VTI.

The issue I am having currently is that from my internal network (PCs connected in Fa0-3, which are all part of Vlan1), I cannot access the FTP/RDP hosts located in the remote network. I can ping the hosts from the LAN side and from within the console itself. When I test telnet ftp using source Tunnel0 & GigabitEthernet0 it works and shows a status letting me know it's open.

I am sure I am missing something here. Any suggestions are much appreciated.

Remote network/hosts: (ftp) (rdp) (rdp)

Below is a sanitized version of config:

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ********* address 206.X.X.X
crypto ipsec transform-set ESP-MD5-HMAC esp-3des esp-md5-hmac
 mode tunnel
crypto ipsec profile PROFILE1
 set transform-set ESP-MD5-HMAC
interface Tunnel0
 ip unnumbered GigabitEthernet0
 tunnel source GigabitEthernet0
 tunnel mode ipsec ipv4
 tunnel destination 206.X.X.X
 tunnel protection ipsec profile PROFILE1
interface FastEthernet0
 no ip address
interface FastEthernet1
 no ip address
interface FastEthernet2
 no ip address
interface FastEthernet3
 no ip address
interface GigabitEthernet0
 description WAN Connection$ETH-WAN$$FW_OUTSIDE$
 ip address 68.X.X.X
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
interface Vlan1
 description Inside Network$FW_INSIDE$
 ip address
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
ip default-gateway 68.x.x.x
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 3389 interface GigabitEthernet0 3389
ip route Tunnel0
ip route Tunnel0
ip route GigabitEthernet0
ip sla auto discovery
no cdp run
access-list 23 permit


To summarize:
- I can ping all hosts on remote network from both console & LAN.
- Using telnet in console to test FTP seems to work but not from LAN.
- Using telnet in console to test RDP does not work nor does it work from LAN.
- The remote hosts offering FTP/RDP I know are functional. We currently have a leased line (T1) that they allowed access to their network and I am able to use remote ftp/rdp. We are getting rid of the leased line and moving, hence the move to site-to-site vpn.
Tags: Cisco, VPN, Hardware Firewalls

Matt V:
[solution text not shown]

jtorrrres:


Thanks for the reply. I ended up finding out last night that they were having some routing issues. The ports were already open. After they resolved the routes, traffic was flowing.

In either case, it was on their end!
