IPSec VPN

(OP)
The configuration that I am going to show was not done by me; the only thing I did was to create the IPSec VPN between both sites, and that comes up.
The IPSec VPN is done on the ISP router at both sites (Watchguard and PepWave).
The problem is the following.
Site A can ping the Site B Cisco router and all its interfaces. The Cisco router in Site B is connected to a Cisco Switch 2900 Series (trunk mode on the switch). The problem is that I cannot ping any device that is under the Cisco switch (including the switch, which has the IP 10.0.1.10, as you will see). I have been going around for days and have not found the correct config.
Site A works fine and I will not show any config because it is connected to other sites and working.
Site B has the following:

Cisco Router config (works as a call manager too):

interface GigabitEthernet0/0.1
description 1
encapsulation dot1Q 1 native
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.20
description 20
encapsulation dot1Q 20
ip address 10.0.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.30
description 30
encapsulation dot1Q 30
ip address 10.0.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.40
description 40
encapsulation dot1Q 40
ip address 10.0.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
description ISP
ip address 192.168.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

Cisco Switch Config:

interface GigabitEthernet1/0/1
description VOICE VLAN 20
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/2
description VOICE VLAN 20
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/3
description VOICE VLAN 20
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/4
description VOICE VLAN 20
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/5
description VOICE VLAN 20
switchport access vlan 20
switchport mode access

And so on....

interface GigabitEthernet1/0/48
description uplink
switchport mode trunk
switchport nonegotiate

interface Vlan1
ip address 10.0.1.10 255.255.255.0
!
interface Vlan20
no ip address
!
interface Vlan30
no ip address
!
interface Vlan40
no ip address
!
ip default-gateway 10.0.1.1
ip http server
ip http secure-server
ip sla enable reaction-alerts




Please let me know how to make Site A also access the Site B switch and the devices connected to it.

RE: IPSec VPN

You don't show any of the VPN configuration. This could be caused by access list issues, routing issues, etc. I think a full config (remove keys/passwords/IPs as needed) from both sites would help a lot.

CCNA, A+, HP Certified Professional

RE: IPSec VPN

Except for the NAT, which you don't show a full configuration for, everything looks fine. Can you ping from 10.0.1.1 to 10.0.1.10?

PSC
— CCNPx3 (Security/R&S/Wireless) • MCITP: Enterprise Admin • MCSE —

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --from "Hackers"

RE: IPSec VPN

(OP)
Problem is fixed, thank you. The problem was in the routing of the ISP router that has the IPsec VPN; once the route was created manually the problem was fixed.
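
The resolution reported in the last post (a missing route on the ISP router that terminates the IPSec VPN) can be checked mechanically. The following is an added example, not part of the thread: it derives the inside subnets from the Site B router addresses posted above and tests them against a route table for the ISP router. The `ISP_ROUTES` table is constructed for illustration, and the function names and the assumption that the next hop is the router's `GigabitEthernet0/1` address are hypothetical.

```python
import ipaddress
import re

# Interface addresses copied from the Site B Cisco router config in the thread.
ROUTER_CONFIG = """\
interface GigabitEthernet0/0.1
 ip address 10.0.1.1 255.255.255.0
interface GigabitEthernet0/0.20
 ip address 10.0.2.1 255.255.255.0
interface GigabitEthernet0/0.30
 ip address 10.0.3.1 255.255.255.0
interface GigabitEthernet0/0.40
 ip address 10.0.4.1 255.255.255.0
interface GigabitEthernet0/1
 ip address 192.168.1.2 255.255.255.0
"""

# Constructed ISP-router route table (not from the thread): (prefix, next hop).
# It knows only its connected transit LAN and a default route to the WAN.
ISP_ROUTES = [("192.168.1.0/24", "connected"), ("0.0.0.0/0", "wan")]

def parse_interfaces(config):
    """Return {interface name: IPv4Interface} for every addressed interface."""
    result, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s*ip address (\S+) (\S+)", line)
        if m and current:
            result[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return result

def lookup(routes, address):
    """Longest-prefix match: next hop for address, or None if nothing covers it."""
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if address in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def missing_routes(config, routes, uplink="GigabitEthernet0/1"):
    """Inside subnets the ISP router does not forward to the Cisco router's uplink IP."""
    ifaces = parse_interfaces(config)
    gateway = str(ifaces[uplink].ip)
    return [str(i.network) for name, i in ifaces.items()
            if name != uplink and lookup(routes, i.ip) != gateway]
```

With the constructed table, all four inside subnets are reported, because traffic arriving over the tunnel for 10.0.x.0/24 follows the default route instead of going to 192.168.1.2. The same subnets also need to be covered by the tunnel's traffic selectors on both VPN endpoints.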
