IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.
5 posts • Page 1 of 1
Can't understand why this is not working. I perform extended pings but will not ping at all when before it did. I did make some changes since a new T1 was installed. ANyone take a quick peek at this config....------------------------------crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2crypto isakmp key MYKEY address YYY.YYY.YYY.YYY!crypto ipsec transform-set TUNNELSET esp-3des esp-md5-hmac!crypto map TUNNEL 1 ipsec-isakmp set peer YYY.YYY.YYY.YYY set transform-set TUNNELSET match address BIZ-hq!interface Loopback1 ip address XXX.XXX.XXX.9 255.255.255.248 ip nat outside ip virtual-reassembly crypto map TUNNEL crypto ipsec df-bit clear!interface FastEthernet0/0/3 description LOCAL_LAN_INTERFACE!interface Serial0/1/0 ip address XXX.XXX.XXX.2 255.255.255.252 ip nat outside ip virtual-reassembly encapsulation ppp!interface Vlan1 ip address 192.168.150.1 255.255.255.0 ip nat inside ip virtual-reassembly!ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.1!ip nat pool T1 XXX.XXX.XXX.9 XXX.XXX.XXX.9 netmask 255.255.255.248ip nat inside source route-map nonat pool T1 overload!ip access-list extended DONOTNAT deny ip 192.168.150.0 0.0.0.255 184.108.40.206 0.0.0.255 deny ip 192.168.150.0 0.0.0.255 192.168.1.0 0.0.0.255 permit ip 192.168.150.0 0.0.0.255 anyip access-list extended BIZ-hq permit ip 192.168.150.0 0.0.0.255 220.127.116.11 0.0.0.255 permit ip 192.168.150.0 0.0.0.255 192.168.1.0 0.0.0.255!access-list 20 permit NN.NN.162.160 0.0.0.31access-list 20 permit NN.NN.197.192 0.0.0.31access-list 20 permit 192.168.150.0 0.0.0.255access-list 20 permit 192.168.9.0 0.0.0.255!route-map nonat permit 10 match ip address DONOTNAT
The VPN tunnel used to work until I moved to a different ISP which I'm using a loopback as the tunnel endpoint. Is this even possible?
You need to make sure that set peer x.x.x.x and crypto isakmp key xxxx address x.x.x.x on the other router are actually pointing to the new ip address of your router...Yes you can terminate on the loopback interface the command to do this is:crypto map map-name local-address interface-id where you interface id will be your loopback interface...for more information on this command, please refer to the following link:http://www.cisco.com/en/US/products/sw/ ... 8189please rate this post if it helps!Regards,
If found out about this command a few hours ago. Thank you though.
After adding the line as recommended, it changed nothing.