
Cisco 871 Site to Site VPN Issues


ryancfields

Hey, I'm Ryan from Seattle, a new member to the site. Anyway, I have gone through the CCNA courses and have some background but am struggling with an issue on the Cisco 871s.

They have the Easy VPN software, and it seems simple enough to connect two sites, but I have been having a lot of trouble.

Basically all I want to do is connect two offices (with static IP addresses) using a Cisco 871 in each location. I can't seem to get the Site to Site VPN to work.

Does anyone have a walk through of a sample setup using the Site to Site? That would be a huge help.

Thanks in advance,

Ryan
 
Hi Ryan,

Try this:

Set the crypto IPsec parameters and peer, apply the crypto map to the dialer interface, then set the ACL to direct traffic through the VPN and it should just work. Do the same on the other end of course :)

Check with:

Router#show crypto isakmp sa

and
Router#show crypto ipsec sa

Hope this helps.

MCP,CCA, Net+, 1 quarter CCNP...
 
And the forgotten config...

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Ray837
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
enable secret 5 xxxxxxxxxxxxxxxxx1
!
no aaa new-model
!
resource policy
!
clock timezone GMT 1
ip subnet-zero
!
!

!
ip cef
no ip domain lookup
no ip bootp server
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 icmp
no ip ips deny-action ips-interface
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
username rxxxxxxxxxxxxxxxxx1 privilege 15 password 7 0xxxxxxxxxxxxxxxxx11
!
!
!
crypto isakmp policy 1
authentication pre-share
group 2
lifetime 7200

crypto isakmp key xxxxxxxxxxxxxxxxx address xx.xx.xx.xx
!
crypto ipsec security-association lifetime kilobytes 5242880
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set RAYPDC2 esp-3des esp-sha-hmac
!
crypto map pdcvpn 25 ipsec-isakmp
set peer xx.xx.xx.xx
set transform-set RAYPDC2
set pfs group2
match address 135
!
!
!
interface Null0
no ip unreachables
!
interface Ethernet0
description Connected to Local Network
ip address 10.5.0.203 255.255.0.0
ip directed-broadcast
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
hold-queue 100 out
!
!

interface ATM0
no ip address
no ip mroute-cache
atm vc-per-vp 64
no atm auto-configuration
no atm ilmi-keepalive
no atm address-registration
no atm ilmi-enable
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer1
ip address negotiated
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1300
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname xxxxxxxxxxxxxxxxx1
ppp chap password 7 xxxxxxxxxxxxxxxxx1
ppp pap sent-username xxxxxxxxxxxxxxxxx1 password 7 xxxxxxxxxxxxxxxxx1
ppp ipcp dns request
ppp ipcp wins request
crypto map pdcvpn
hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
!
ip nat inside source list 102 interface Dialer1 overload
!
access-list 10 remark Telnet Access
access-list 10 permit xx.xx.xx.xx 0.0.0.15
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 10 permit any
access-list 20 remark SNMP access
access-list 20 permit 10.0.0.0 0.255.255.255
access-list 100 remark ----- Inbound ACL -----
access-list 100 permit ip xx.xx.xx.xx 0.0.0.15 any
access-list 100 deny ip any any
access-list 102 deny ip 10.5.0.0 0.0.255.255 10.0.0.0 0.0.255.255
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
access-list 135 remark VPN Access
access-list 135 permit ip 10.5.0.0 0.0.255.255 10.0.0.0 0.0.255.255
dialer-list 1 protocol ip permit
snmp-server community ray RO 20
snmp-server enable traps tty
!
!
control-plane
!
!
line con 0
exec-timeout 300 0
login local
no modem enable
transport output telnet
stopbits 1
line aux 0
login local
transport output telnet
stopbits 1
line vty 0 4
session-timeout 15 output
access-class 10 in
exec-timeout 300 0
password 7 0xxxxxxxxxxx
login local
transport input telnet ssh
!
no scheduler max-task-time

end




MCP,CCA, Net+, 1 quarter CCNP...
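
Added example (not part of the original posts and not a Cisco tool): a Python check that the pieces named in the reply above (ISAKMP key for the peer, transform set, crypto map, crypto ACL, and the NAT ACL that must exempt VPN traffic) reference each other consistently. The function name `audit` and the exact-match test for the NAT exemption are assumptions of this example; `SAMPLE` is an excerpt of the config posted above with its redactions kept.

```python
# Constructed sample: the VPN-relevant lines of the config posted in this thread.
SAMPLE = """\
crypto isakmp key xxxxxxxxxxxxxxxxx address xx.xx.xx.xx
crypto ipsec transform-set RAYPDC2 esp-3des esp-sha-hmac
crypto map pdcvpn 25 ipsec-isakmp
set peer xx.xx.xx.xx
set transform-set RAYPDC2
match address 135
interface Dialer1
crypto map pdcvpn
ip nat inside source list 102 interface Dialer1 overload
access-list 102 deny ip 10.5.0.0 0.0.255.255 10.0.0.0 0.0.255.255
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
access-list 135 permit ip 10.5.0.0 0.0.255.255 10.0.0.0 0.0.255.255
"""

def audit(config):
    """Return findings; an empty list means the VPN pieces reference each other."""
    acls, maps, applied, keys, tsets, nat, cur = {}, {}, set(), set(), set(), [], None
    for w in (l.split() for l in config.splitlines() if l.strip() not in ("", "!")):
        if w[:2] == ["crypto", "map"] and w[-1] == "ipsec-isakmp":
            cur = maps.setdefault(w[2], {})          # start of a map entry
        elif cur is not None and w[0] in ("set", "match"):
            cur[w[1]] = w[-1]                        # peer / transform-set / address
        else:
            cur = None
            if w[:3] == ["crypto", "isakmp", "key"]:
                keys.add(w[-1])                      # peer address the key is for
            elif w[:3] == ["crypto", "ipsec", "transform-set"]:
                tsets.update(w[3:4])
            elif w[:2] == ["crypto", "map"] and len(w) == 3:
                applied.add(w[2])                    # map bound to an interface
            elif w[0] == "access-list" and len(w) > 3 and w[2] in ("permit", "deny"):
                acls.setdefault(w[1], []).append((w[2], " ".join(w[3:])))
            elif w[:5] == ["ip", "nat", "inside", "source", "list"]:
                nat += w[5:6]
    out = []
    for name, m in maps.items():
        vpn = [s for a, s in acls.get(m.get("address"), []) if a == "permit"]
        checks = [(name in applied, "not applied to an interface"),
                  (m.get("transform-set") in tsets, "transform-set not defined"),
                  (m.get("peer") in keys, "no isakmp key for peer"),
                  (bool(vpn), "match ACL missing or has no permit")]
        out += [f"crypto map {name}: {msg}" for ok, msg in checks if not ok]
        for n in nat:                                # exemption must precede permits
            e = acls.get(n, [])
            cut = next((i for i, x in enumerate(e) if x[0] == "permit"), len(e))
            out += [f"NAT ACL {n} does not exempt: {s}" for s in vpn if ("deny", s) not in e[:cut]]
    return out
```

Run `audit()` on each router's config; the far end needs the same pieces with the source and destination networks of ACL 135 swapped.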
 