Cisco 1700 Site-Site VPN

Hello,

I'm trying to set up a Site to Site VPN with two Cisco 1700 Routers. But
I didn't get it to fly. When the tunnel is set up the routing doesn't
work or other things.

Here is what I want to do:

192.168.4.0/24 -- RouterA --- INTERNET --- RouterB -- 192.168.6.0/24

Router A and Router B have a static IP. Let's say IPA and IPB.
Here is my config of RouterB. RouterA looks mostly the same except it
does Dialup so the interface on the outside is Dialer0.
I didn't find the failure. Can someone plz help me out?

Router config from Router B
============================
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterB
!
boot system flash c1700-k9o3sy7-mz.122-11.t11.bin
logging buffered 4096 debugging
aaa new-model
!
!
aaa authentication login local_auth local
aaa session-id common
enable secret 5 SECPASSWORD
!
username USER password 0 PASSWORD
memory-size iomem 25
ip subnet-zero
!
!
ip dhcp excluded-address 192.168.6.1 192.168.6.20
!
ip dhcp pool dhcpKoeln
   network 192.168.6.0 255.255.255.0
   default-router 192.168.6.1
!
ip audit notify log
ip audit po max-events 100
ip ssh authentication-retries 4
!
!
crypto isakmp policy 110
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key KEY123 address IPA
!
!
crypto ipsec transform-set mine esp-3des esp-sha-hmac
!
crypto map mymap 10 ipsec-isakmp
 set peer IPA
 set transform-set mine
 match address 102

!
interface Ethernet0
 description ContactLAN-Koeln
 ip address 192.168.6.1 255.255.255.0
 half-duplex
 no cdp enable
!
interface FastEthernet0
 ip address IPB 255.255.252.0
 speed auto
 no cdp enable
 crypto map mymap
!
ip classless
ip route 0.0.0.0 0.0.0.0 IPB-Gateway
ip route 192.168.4.0 255.255.255.0 IPA
no ip http server
ip pim bidir-enable
!
!
access-list 102 permit ip 192.168.6.0 0.0.0.255 192.168.4.0 0.0.0.255
no cdp run
!
!
end



5/4/2007 3:54:31 PM
comp.dcom.sys.cisco


Alexander Gr�mmer wrote:
> Hello,
> 
> I'm trying to set up a Site to Site VPN with two Cisco 1700 Routers. But
> I didn't get it to fly. When the tunnel is set up the routing doesn't
> work or other things.
> 
> Here is what I want to do:
> 
> 192.168.4.0/24 -- RouterA --- INTERNET --- RouterB -- 192.168.6.0/24
> 
> Router A and Router B have a static IP. Let's say IPA and IPB.
> Here is my config of RouterB. RouterA looks mostly the same except it
> does Dialup so the interface on the outside is Dialer0.
> I didn't find the failure. Can someone plz help me out?
> 
> Router config from Router B
> ============================
> !
> version 12.2
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname RouterB
> !
> boot system flash c1700-k9o3sy7-mz.122-11.t11.bin
> logging buffered 4096 debugging
> aaa new-model
> !
> !
> aaa authentication login local_auth local
> aaa session-id common
> enable secret 5 SECPASSWORD
> !
> username USER password 0 PASSWORD
> memory-size iomem 25
> ip subnet-zero
> !
> !
> ip dhcp excluded-address 192.168.6.1 192.168.6.20
> !
> ip dhcp pool dhcpKoeln
>    network 192.168.6.0 255.255.255.0
>    default-router 192.168.6.1
> !
> ip audit notify log
> ip audit po max-events 100
> ip ssh authentication-retries 4
> !
> !
> crypto isakmp policy 110
>  encr 3des
>  hash md5
>  authentication pre-share
>  group 2
> crypto isakmp key KEY123 address IPA
> !
> !
> crypto ipsec transform-set mine esp-3des esp-sha-hmac
> !
> crypto map mymap 10 ipsec-isakmp
>  set peer IPA
>  set transform-set mine
>  match address 102
> 
> !
> interface Ethernet0
>  description ContactLAN-Koeln
>  ip address 192.168.6.1 255.255.255.0
>  half-duplex
>  no cdp enable
> !
> interface FastEthernet0
>  ip address IPB 255.255.252.0
>  speed auto
>  no cdp enable
>  crypto map mymap
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 IPB-Gateway
> ip route 192.168.4.0 255.255.255.0 IPA
> no ip http server
> ip pim bidir-enable
> !
> !
> access-list 102 permit ip 192.168.6.0 0.0.0.255 192.168.4.0 0.0.0.255
> no cdp run
> !
> !
> end

Most probably you have private LAN ip addresses on both sides and 
NAT/PAT to the public interface's ip address.
Then you'll need to exclude the traffic for the tunnel to the remote 
side from NAT.

-- 
Uli
Uli
5/4/2007 5:38:03 PM
Uli Link wrote:
> 
> Most probably you have private LAN ip addresses on both sides and
> NAT/PAT to the public interface's ip address.
> Then you'll need to exclude the traffic for the tunnel to the remote
> side from NAT.

I have only nat on one side.
I have the following nat configuration:

interface Dialer0
 ip nat outside

interface FastEthernet0
 description CONTACT-AC
 ip address 192.168.4.1 255.255.255.0
 ip nat inside

ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 192.168.4.0 0.0.0.255

Is that so far right?

I now have changed my config to match the "Site-to-Site VPN Business
Scenarios" from the Cisco IOS Enterprise VPN Configuration Guide.

I can now do Ping from 192.168.4.111 to 192.168.6.1

> Ping wird ausgeführt für 192.168.6.1 mit 32 Bytes Daten:
> 
> Antwort von 192.168.6.1: Bytes=32 Zeit=184ms TTL=254
> Antwort von 192.168.6.1: Bytes=32 Zeit=102ms TTL=254
> Antwort von 192.168.6.1: Bytes=32 Zeit=126ms TTL=254
> Antwort von 192.168.6.1: Bytes=32 Zeit=150ms TTL=254

traceroute

> Routenverfolgung zu 192.168.6.1 über maximal 30 Abschnitte
> 
>   1     1 ms     1 ms     1 ms  192.168.4.1
>   2   117 ms   102 ms   102 ms  192.168.6.1

When I want to ping from 192.168.6.1 to 192.168.4.111

RouterK#ping 192.168.6.111

> RouterK#ping 192.168.6.111
> 
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.6.111, timeout is 2 seconds:
> ...
> Success rate is 0 percent (0/3)

The trace looks like this:

> RouterK#traceroute 192.168.4.111
> 
> Type escape sequence to abort.
> Tracing the route to 192.168.4.111
> 
>   1 172.17.3.3 56 msec 52 msec 56 msec
>   2  *  *

In router A I only have this NAT translation:

> udp IPB:137    192.168.4.111:137  172.16.8.5:137     172.16.8.5:137

That appears when I do the ping from 192.168.4.111 to 192.168.6.1

A ping in the other direction stops. ;(

SETUP
======
192.168.4.0 -|RouterAC|- IPB --INTERNET-- IPA -|RouterK|-192.168.6.0


I post again the complete config of my routers:

RouterAC
========

RouterAC#show run
Building configuration...

Current configuration : 2330 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterAC
!
logging buffered 4096 debugging
aaa new-model
!
!
aaa authentication login local_auth local
aaa session-id common
enable secret 5 <removed>
!
username <removed> password 0 <removed>
memory-size iomem 20
ip subnet-zero
!
!
ip domain-name <removed>
ip name-server 194.8.194.60
ip name-server 213.168.112.60
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 4
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
!
crypto isakmp policy 1
 authentication pre-share
 lifetime 84600
crypto isakmp key test12345 address IPA
!
!
crypto ipsec transform-set proposal1 ah-sha-hmac esp-des esp-sha-hmac
 mode transport
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
!
crypto map s1first local-address Dialer0
crypto map s1first 1 ipsec-isakmp
 set peer IPA
 set transform-set proposal1
 match address 101
!
!
!
!
interface Tunnel0
 bandwidth 180
 ip address 172.17.3.3 255.255.255.0
 tunnel source IPB
 tunnel destination IPA
 crypto map s1first
!
interface Ethernet0
 description DSL-AC
 no ip address
 half-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet0
 description CONTACT-AC
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
 no keepalive
 speed auto
 full-duplex
 no cdp enable
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 no ip mroute-cache
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username <removed>@netcologne.de password 7 <removed>
!
ip nat inside source list 1 interface Dialer0 overload
no ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.6.0 255.255.255.0 Tunnel0
no ip http server
no ip pim bidir-enable
!
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 101 permit gre host IPB host IPA
no cdp run
!
banner login ^C
Dies ist der Router der Firma Contact Personal Service in AACHEN
^C
!
line con 0
line aux 0
line vty 0 4
 login authentication local_auth
 transport input ssh
!
end

RouterK:
========

RouterK#show run
Building configuration...

Current configuration : 1695 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterK
!
boot system flash c1700-k9o3sy7-mz.122-11.t11.bin
logging buffered 4096 debugging
aaa new-model
!
!
aaa authentication login SSH local
aaa session-id common
enable secret 5 $1$jdEd$JQFMcFNXV/8IhxCZ9O/3s1
!
username ice password 0 alex123
memory-size iomem 25
ip subnet-zero
!
!
ip domain name contactpersonal.de
ip dhcp excluded-address 192.168.6.1 192.168.6.20
!
ip dhcp pool dhcpKoeln
   network 192.168.6.0 255.255.255.0
   default-router 192.168.6.1
!
ip audit notify log
ip audit po max-events 100
ip ssh authentication-retries 4
!
!
crypto isakmp policy 1
 authentication pre-share
 lifetime 84600
crypto isakmp key test12345 address IPB
!
!
crypto ipsec transform-set proposal1 ah-sha-hmac esp-des esp-sha-hmac
 mode transport
!
crypto map s1first local-address FastEthernet0
crypto map s1first 1 ipsec-isakmp
 set peer 87.78.66.88
 set transform-set proposal1
 match address 101
!
!
!
!
interface Tunnel1
 bandwidth 180
 ip address 172.17.3.6 255.255.255.0
 tunnel source IPA
 tunnel destination IPB
 crypto map s1first
!
interface Ethernet0
 ip address 192.168.6.1 255.255.255.0
 no keepalive
 full-duplex
 no cdp enable
!
interface FastEthernet0
 ip address IPA 255.255.252.0
 no ip mroute-cache
 no keepalive
 speed auto
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 137.226.28.1
ip route 192.168.4.0 255.255.255.0 Tunnel1
no ip http server
ip pim bidir-enable
!
!
access-list 101 permit gre host IPA host IPB
no cdp run
!
!
line con 0
line aux 0
line vty 0 4
 transport input ssh
!
end
ISO
5/5/2007 9:39:44 PM
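
Added example, not code from any poster in this thread: a small Python check of Uli's NAT-exemption advice against the crypto-map design of the first post. On IOS, inside-to-outside NAT is applied before the crypto map ACL is evaluated, so a packet that the NAT ACL permits no longer matches the crypto ACL. Assumptions: RouterA's crypto ACL is the mirror image of RouterB's ACL 102, ACL number 110 is an arbitrary choice, and 203.0.113.10 is a placeholder for the Dialer0 address.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # (base, wildcard); wildcard bits set mean "don't care"


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _is_ip(text):
    try:
        _ip(text)
        return True
    except ValueError:
        return False


def _take_addr(tok):
    """Consume one IOS address spec: 'any', 'host A', 'A WILDCARD' or bare 'A'."""
    if tok[0] == "any":
        return ANY, tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    if len(tok) > 1 and _is_ip(tok[1]):
        return (_ip(tok[0]), _ip(tok[1])), tok[2:]
    return (_ip(tok[0]), 0), tok[1:]


def parse_acl(config, number):
    """Return [(action, proto, src, dst)] for a numbered ACL, in config order."""
    extended = 100 <= number <= 199 or 2000 <= number <= 2699
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", str(number)] or len(tok) < 4:
            continue
        action, rest = tok[2], tok[3:]
        if action not in ("permit", "deny"):
            continue  # skip remarks and anything else
        proto = "ip"
        if extended:
            proto, rest = rest[0], rest[1:]
        src, rest = _take_addr(rest)
        dst = ANY  # standard ACLs match on source only
        if extended:
            dst, rest = _take_addr(rest)
        entries.append((action, proto, src, dst))
    return entries


def _covers(spec, addr):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)


def acl_permits(entries, src, dst, proto="ip"):
    """First match wins; every ACL ends with an implicit deny."""
    for action, e_proto, e_src, e_dst in entries:
        if e_proto in ("ip", proto) and _covers(e_src, src) and _covers(e_dst, dst):
            return action == "permit"
    return False


def nat_acl_number(config):
    """ACL referenced by 'ip nat inside source list N ...', or None."""
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] == ["ip", "nat", "inside", "source", "list"]:
            return int(tok[5])
    return None


def egress_fate(config, crypto_acl, src, dst, outside_ip):
    """Fate of an inside-to-outside packet: NAT first, then the crypto ACL
    is checked against the (possibly rewritten) source address."""
    s, d = _ip(src), _ip(dst)
    nat = nat_acl_number(config)
    translated = nat is not None and acl_permits(parse_acl(config, nat), s, d)
    if translated:
        s = _ip(outside_ip)
    if acl_permits(parse_acl(config, crypto_acl), s, d):
        return "encrypted"
    return "translated, sent in clear" if translated else "sent in clear"


# Constructed input: the NAT lines as posted for RouterA, plus an assumed
# crypto ACL 102 mirroring RouterB's (RouterA's own ACL was not posted).
BEFORE = """
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255
"""

# Constructed fix: deny the LAN-to-LAN flow in the NAT ACL (110 is arbitrary).
AFTER = """
ip nat inside source list 110 interface Dialer0 overload
access-list 110 deny ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 110 permit ip 192.168.4.0 0.0.0.255 any
access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255
"""

OUTSIDE = "203.0.113.10"  # placeholder for the Dialer0 address

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, "LAN-to-LAN:", egress_fate(cfg, 102, "192.168.4.111", "192.168.6.1", OUTSIDE))
        print(name, "Internet:  ", egress_fate(cfg, 102, "192.168.4.111", "198.51.100.7", OUTSIDE))
```

This models only the crypto map applied to the outside interface; with the GRE tunnel variant posted later, LAN-to-LAN traffic is routed out Tunnel0, which carries no `ip nat outside`.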