Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Site-To-Site VPN with Cisco 887

Posted on 2014-03-05
2
Medium Priority
?
2,305 Views
Last Modified: 2014-03-07
I have a client with Cisco 887 router on each site, and I need to create a vpn between sites, I have added this to my config, but no VPN works:

crypto isakmp key *VPNpsk#1 address XXX.XXX.XXX.XXX
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
 mode tunnel
!
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to XXX.XXX.XXX.XXX
 set peer XXX.XXX.XXX.XXX
 set transform-set ESP-3DES-SHA
 match address 100
!
bridge irb

access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

any ideas, or working configs??
0
Comment
Question by:fns-netsys
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 2000 total points
ID: 39909516
It's hard to say without seeing the entire configuration. Depending on how the rest of your configuration looks, you may be running into problems with NAT, external ACLs, &c.

If you're connecting a pair of IOS routers, you can simplify things a bit by using a virtual tunnel interface. This eliminates complexities with NAT and allows you to use standard routing.

Router 1:

crypto isakmp key *VPNpsk#1 address x.x.x.x no-xauth
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile crypto-ipsec-pr-vti
 set transform-set ESP-3DES-SHA
!
interface Tunnel0
 ip address 192.168.255.0 255.255.255.254
 tunnel source Dialer1 (or whatever your outside interface is)
 tunnel mode ipsec ipv4
 tunnel destination x.x.x.x
 tunnel protection ipsec profile crypto-ipsec-pr-vti
!
ip route 192.168.2.0 255.255.255.0 Tunnel0

Router 2:

crypto isakmp key *VPNpsk#1 address x.x.x.x no-xauth
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile crypto-ipsec-pr-vti
 set transform-set ESP-3DES-SHA
!
interface Tunnel0
 ip address 192.168.255.1 255.255.255.254
 tunnel source Dialer1 (or whatever your outside interface is)
 tunnel mode ipsec ipv4
 tunnel destination x.x.x.x
 tunnel protection ipsec profile crypto-ipsec-pr-vti
!
ip route 192.168.1.0 255.255.255.0 Tunnel0

Also, make sure that your access lists are allowing ISAKMP (500/udp) and ESP to reach the router.
0
 

Author Closing Comment

by:fns-netsys
ID: 39914229
Awesome, thank you so much! this worked flawlessly.
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question