Standard User Gomjaba
(newbie) Wed 01-Jun-11 16:56:57

No traffic through VPN


I have set up an IPSec VPN between a SonicWall and my ADSL Cisco 877 ..

The VPN comes up immediately but I can't seem to be able to pass traffic in either direction, ping or otherwise.

Every port is open on the Sonic, from any Zone to VPN and vice versa, so I have the sneaky suspicion that my Cisco box isn't configured properly.

Maybe someone here has an idea .. Here is the relevant config, any help is appreciated

----------------------------

password encryption aes
!

crypto isakmp policy 5
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key 6 xxx address xx.xxx.xxx.xx
!

!
crypto ipsec transform-set STRONG esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!

crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel toxx.xxx.xxx.xx
set peer xx.xxx.xxx.xx
set transform-set ESP-3DES-SHA
match address 100
!

interface Dialer0
bandwidth inherit
ip address negotiated
no ip redirects
no ip unreachables
ip nat outside
ip virtual-reassembly
dialer pool 1
dialer-group 1
crypto map SDM_CMAP_1
ip rtp header-compression iphc-format
!

ip nat inside source static tcp 192.168.13.240 3389 interface Dialer0 3389
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!

logging 192.168.13.240
access-list 1 permit 192.168.13.0 0.0.0.255
access-list 23 permit yy.yyy.yyy.yyy
access-list 23 permit tt.ttt.tt.ttt
access-list 23 permit uu.uu.uuu.uu
access-list 23 permit qq.qqq.qq.qq
access-list 23 permit xx.xxx.xxx.xx
access-list 23 permit ee.eee.eee.ee
access-list 23 permit 192.168.13.0 0.0.0.255
access-list 100 remark Traffic via VPN
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.10.0 0.0.1.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.16.0 0.0.15.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.32.0 0.0.15.255
access-list 102 remark Traffic via ADSL
access-list 102 deny ip 192.168.13.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 deny ip 192.168.13.0 0.0.0.255 192.168.10.0 0.0.1.255
access-list 102 deny ip 192.168.13.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 deny ip 192.168.13.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 102 deny ip 192.168.13.0 0.0.0.255 192.168.16.0 0.0.15.255
access-list 102 deny ip 192.168.13.0 0.0.0.255 192.168.32.0 0.0.15.255
access-list 102 permit ip 192.168.13.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!

!
route-map SDM_RMAP_1 permit 1
match ip address 102
!
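
Added example, not part of the original post: on IOS, outbound NAT is applied before the crypto map, so every flow permitted by the crypto ACL (100) has to be excluded from NAT by the route-map's ACL (102). The Python sketch below checks that pairing using the ACL lines copied from the post; the function names are hypothetical, and it inspects only the two ACLs, not the static `ip nat inside source static` entry.

```python
import ipaddress
import re

# ACL lines copied from the posted config (addresses as posted).
CONFIG = """\
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.10.0 0.0.1.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.16.0 0.0.15.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 192.168.32.0 0.0.15.255
access-list 102 deny ip 192.168.13.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 deny ip 192.168.13.0 0.0.0.255 192.168.10.0 0.0.1.255
access-list 102 deny ip 192.168.13.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 deny ip 192.168.13.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 102 deny ip 192.168.13.0 0.0.0.255 192.168.16.0 0.0.15.255
access-list 102 deny ip 192.168.13.0 0.0.0.255 192.168.32.0 0.0.15.255
access-list 102 permit ip 192.168.13.0 0.0.0.255 any
"""

ACE = re.compile(r"^access-list (\d+) (permit|deny) ip (\S+) (\S+) (any|\S+ \S+)$", re.M)

def net(addr, wildcard):
    """Convert an IOS address plus contiguous wildcard mask to a network."""
    ones = bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    return ipaddress.ip_network(f"{addr}/{32 - ones}", strict=False)

def parse_acl(config, number):
    """Return the ordered (action, src, dst) entries of one extended ACL."""
    entries = []
    for num, action, s_addr, s_wild, dst in ACE.findall(config):
        if num == number:
            d = ipaddress.ip_network("0.0.0.0/0") if dst == "any" else net(*dst.split())
            entries.append((action, net(s_addr, s_wild), d))
    return entries

def natted_tunnel_flows(config, crypto_acl, nat_acl):
    """Crypto-ACL flows whose first covering NAT-ACL entry is a permit."""
    bad = []
    for action, src, dst in parse_acl(config, crypto_acl):
        if action != "permit":
            continue
        for n_action, n_src, n_dst in parse_acl(config, nat_acl):
            # Simplification: an entry matches only if it covers the whole flow.
            if src.subnet_of(n_src) and dst.subnet_of(n_dst):
                if n_action == "permit":
                    bad.append((str(src), str(dst)))
                break  # first match wins; no match means implicit deny (no NAT)
    return bad
```

`natted_tunnel_flows(CONFIG, "100", "102")` returns an empty list for the ACLs as posted, meaning every crypto-ACL flow has a matching NAT exemption.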