Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: I set up a Site to Site VPN but can not get traffic to go th

I set up a Site to Site VPN but can not get traffic to go th 8 years 10 months ago #32904

  • jrecho
  • jrecho's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 3
  • Thank you received: 0
No ping from one side to the other nothing. I see the tunnel up but I get this error when I try to ping
I get in Site B this error
3 Dec 02 2009 16:17:38 305005 10.10.20.55 No translation group found for icmp src outside:10.10.10.157 dst Inside:10.10.20.55 (type 8, code 0)


Here is the config
Site A
Public 196.XXX.XXX.XXX
inside 10.10.10.0/24
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 1
lifetime 28800
access-list REMOTE_SITE ex permit ip 10.10.10.0 255.255.255.0 10.10.20.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 82.XXX.XXX.XXX
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface Outside
nat (inside) 0 access-list REMOTE_SITE
tunnel-group 82.XXX.XXX.XXX type ipsec-l2l
tunnel-group 82.XXX.XXX.XXX ipsec-attributes
pre-shared-key ***

SiteB
Public
82.XXX.XXX.XXX
Inside: 10.10.20.0/24

crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 1
lifetime 28800
access-list REMOTE_SITE ex permit ip 10.10.20.0 255.255.255.0 10.10.10.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 196.XXX.XXX.XXX
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface outside
nat (inside) 0 access-list REMOTE_SITE
tunnel-group 196.XXX.XXX.XXX type ipsec-l2l
tunnel-group 196.XXX.XXX.XXX ipsec-attributes


An

Re: I set up a Site to Site VPN but can not get traffic to go th 8 years 10 months ago #32946

Please provide us with your complete configuration file and mask out any confidential IP addresses and passwords or the like.

good luck
  • Page:
  • 1
Time to create page: 0.133 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup