Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: I set up a Site to Site VPN but can not get traffic to go th

I set up a Site to Site VPN but can not get traffic to go th 7 years 1 week ago #32904

  • jrecho
  • jrecho's Avatar
  • Offline
  • New Member
  • Posts: 3
  • Karma: 0
No ping from one side to the other nothing. I see the tunnel up but I get this error when I try to ping
I get in Site B this error
3 Dec 02 2009 16:17:38 305005 10.10.20.55 No translation group found for icmp src outside:10.10.10.157 dst Inside:10.10.20.55 (type 8, code 0)


Here is the config
Site A
Public 196.XXX.XXX.XXX
inside 10.10.10.0/24
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 1
lifetime 28800
access-list REMOTE_SITE ex permit ip 10.10.10.0 255.255.255.0 10.10.20.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 82.XXX.XXX.XXX
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface Outside
nat (inside) 0 access-list REMOTE_SITE
tunnel-group 82.XXX.XXX.XXX type ipsec-l2l
tunnel-group 82.XXX.XXX.XXX ipsec-attributes
pre-shared-key ***

SiteB
Public
82.XXX.XXX.XXX
Inside: 10.10.20.0/24

crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 1
lifetime 28800
access-list REMOTE_SITE ex permit ip 10.10.20.0 255.255.255.0 10.10.10.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 196.XXX.XXX.XXX
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface outside
nat (inside) 0 access-list REMOTE_SITE
tunnel-group 196.XXX.XXX.XXX type ipsec-l2l
tunnel-group 196.XXX.XXX.XXX ipsec-attributes


An
The administrator has disabled public write access.

Re: I set up a Site to Site VPN but can not get traffic to go th 7 years 5 days ago #32946

  • sys-halt
  • sys-halt's Avatar
  • Offline
  • Frequent Member
  • Posts: 68
  • Karma: 0
Please provide us with your complete configuration file and mask out any confidential IP addresses and passwords or the like.

good luck
The administrator has disabled public write access.
Time to create page: 0.074 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup