Cisco IPSec VPN connect but no traffic? [SOLVED]
Well I've never used CodeProject for anything other than C# related questions.. so here it goes: For exercise.. I am trying to create a secure VPN tunnel between this Cisco 1841 Router and a Sonicwall router. Now in both routers it shows that the tunnel is active. The problem is I cannot ping / access any computers between the LANs. On the Sonicwall side I have a computer at 192.168.1.250, while on the Cisco side I have a computer at 192.168.11.55. I cannot reach either one of them.. even though the tunnel is active:
inbound esp sas:
spi: 0xD1BC1B8E(3518765966)
transform: esp-256-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 3003, flow_id: FPGA:3, crypto map: vpn
sa timing: remaining key lifetime (k/sec): (4541007/2298)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

outbound esp sas:
spi: 0xAE589C1E(2925042718)
transform: esp-256-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 3004, flow_id: FPGA:4, crypto map: vpn
sa timing: remaining key lifetime (k/sec): (4541027/2297)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

Current configuration : 3972 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CompsysRouter
!
boot-start-marker
boot-end-marker
!
enable secret *****************
enable password ***********
!
aaa new-model
!
!
!
aaa session-id common
ip cef
!
!
!
!
no ip domain lookup
ip domain name ********.local
ip inspect name myfw http timeout 3600
ip inspect name myfw tcp timeout 3600
ip inspect name myfw udp timeout 3600
ip inspect name myfw dns timeout 3600
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
crypto pki trustpoint TP-self-signed-1821875492
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1821875492
revocation-check none
rsakeypair TP-self-signed-1821875492
!
!
crypto pki certificate chain TP-self-signed-1821875492
certificate self-signed 01
Someone from Cisco forums helped me:
access-list 150 deny ip 192.168.11.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 150 permit ip 192.168.11.0 0.0.0.255 any
ip nat inside source list 150 interface fastethernet0/0 overload
no ip nat inside source list 1 interface fastethernet0/0 overload
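An added example, not from the thread, that evaluates Cisco wildcard-mask ACL entries the way the NAT rule does (first match wins, implicit deny at the end) and shows why list 150 leaves the LAN-to-LAN traffic untranslated for the crypto map while the old list 1 would have translated it first. The contents of the original list 1 are not in the thread and are assumed; 203.0.113.10 is a constructed Internet address.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # address 0 with an all-ones wildcard matches every address

def _spec(tok, i):
    """Read one address term: 'any', 'host A', or 'A WILDCARD'."""
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":
        return (int(ipaddress.ip_address(tok[i + 1])), 0), i + 2
    return (int(ipaddress.ip_address(tok[i])), int(ipaddress.ip_address(tok[i + 1]))), i + 2

def parse_ace(line):
    """Parse a numbered ACL entry. Standard lists (1-99) match on source only;
    extended lists ('... permit ip SRC WC DST WC') match source and destination."""
    tok = line.split()
    action = tok[2]
    if tok[3] == "ip":                      # extended entry
        src, i = _spec(tok, 4)
        dst, _ = _spec(tok, i)
    else:                                   # standard entry
        src, _ = _spec(tok, 3)
        dst = ANY
    return action, src, dst

def _match(spec, ip):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    addr, wc = spec
    return (ip | wc) == (addr | wc)

def nat_permits(acl_lines, src, dst):
    """First match wins; a list that matches nothing denies implicitly.
    'ip nat inside source list N ... overload' translates only what the list permits."""
    s, d = int(ipaddress.ip_address(src)), int(ipaddress.ip_address(dst))
    for action, sspec, dspec in map(parse_ace, acl_lines):
        if _match(sspec, s) and _match(dspec, d):
            return action == "permit"
    return False

# Assumed: the original list 1 is not in the thread; a one-line standard list
# covering the whole inside subnet is the usual shape and is constructed here.
OLD_LIST_1 = ["access-list 1 permit 192.168.11.0 0.0.0.255"]
# The replacement list exactly as posted in the answer above.
NEW_LIST_150 = [
    "access-list 150 deny ip 192.168.11.0 0.0.0.255 192.168.1.0 0.0.0.255",
    "access-list 150 permit ip 192.168.11.0 0.0.0.255 any",
]

if __name__ == "__main__":
    for acl, name in ((OLD_LIST_1, "list 1"), (NEW_LIST_150, "list 150")):
        for dst in ("192.168.1.250", "203.0.113.10"):   # remote LAN host, constructed Internet host
            verdict = "translated (never matches the crypto map)" if nat_permits(acl, "192.168.11.55", dst) \
                else "untranslated (eligible for the tunnel)"
            print(f"{name}: 192.168.11.55 -> {dst}: {verdict}")
```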