VPN to Three Sites, getting issues with one. Please audit config.

Post by Evolutio » Sat, 17 Dec 2005 05:23:20


Does anyone see anything wrong with this config?
access-list 100 permit ip 172.16.133.0 255.255.255.0 192.168.168.0 255.255.255.0
access-list 100 permit ip 172.16.133.0 255.255.255.0 172.16.135.0 255.255.255.0
access-list 110 permit ip 172.16.133.0 255.255.255.0 192.168.168.0 255.255.255.0
access-list 130 permit ip 172.16.133.0 255.255.255.0 172.16.135.0 255.255.255.0
access-list 140 permit ip host 24.43.199.10 10.1.0.0 255.255.0.0
access-list 140 permit ip host 24.43.199.10 host 192.168.200.10
access-list 140 permit ip host 24.43.199.10 10.10.10.0 255.255.255.0
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
crypto map mymap 10 match address 140
crypto map mymap 10 set peer 64.115.172.99
crypto map mymap 10 set transform-set myset
crypto map mymap 20 ipsec-isakmp
crypto map mymap 20 match address 110
crypto map mymap 20 set peer 64.115.182.84
crypto map mymap 20 set transform-set myset
crypto map mymap 30 ipsec-isakmp
crypto map mymap 30 match address 130
crypto map mymap 30 set peer 66.40.19.2
crypto map mymap 30 set transform-set myset
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address 64.115.172.99 netmask 255.255.255.255
isakmp key ******** address 64.115.182.84 netmask 255.255.255.255
isakmp key ******** address 66.40.19.2 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400


I can establish tunnels to 20 and 30, but get ACL errors with 10...not
sure what the problem could be. Please audit this config. Thanks!

-rws
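
An added example, not part of the original post: a Python cross-check of the posted configuration that reports, per crypto map entry, the peer, whether an isakmp key is defined for it, the source addresses in its crypto ACL, and which of that ACL's entries have no identical entry in access-list 100. Using access-list 100 as the reference list is an assumption (the post does not show how it is applied), and the names `take_addr`, `parse` and `audit` are hypothetical.

```python
from collections import defaultdict
# Relevant lines of the posted config, wrapped lines rejoined (keys stay masked).
CONFIG = """\
access-list 100 permit ip 172.16.133.0 255.255.255.0 192.168.168.0 255.255.255.0
access-list 100 permit ip 172.16.133.0 255.255.255.0 172.16.135.0 255.255.255.0
access-list 110 permit ip 172.16.133.0 255.255.255.0 192.168.168.0 255.255.255.0
access-list 130 permit ip 172.16.133.0 255.255.255.0 172.16.135.0 255.255.255.0
access-list 140 permit ip host 24.43.199.10 10.1.0.0 255.255.0.0
access-list 140 permit ip host 24.43.199.10 host 192.168.200.10
access-list 140 permit ip host 24.43.199.10 10.10.10.0 255.255.255.0
crypto map mymap 10 match address 140
crypto map mymap 10 set peer 64.115.172.99
crypto map mymap 20 match address 110
crypto map mymap 20 set peer 64.115.182.84
crypto map mymap 30 match address 130
crypto map mymap 30 set peer 66.40.19.2
isakmp key ******** address 64.115.172.99 netmask 255.255.255.255
isakmp key ******** address 64.115.182.84 netmask 255.255.255.255
isakmp key ******** address 66.40.19.2 netmask 255.255.255.255
"""

def take_addr(tok):
    # Consume one PIX address spec, "host A" or "NET MASK"; both use two tokens.
    return ((tok[1], "255.255.255.255") if tok[0] == "host" else (tok[0], tok[1])), tok[2:]

def parse(config):
    acls, maps, keyed = defaultdict(list), defaultdict(dict), set()
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"]:
            src, rest = take_addr(t[4:])
            dst, _ = take_addr(rest)
            acls[t[1]].append((src, dst))
        elif t[:2] == ["crypto", "map"] and len(t) == 7 and t[4] in ("match", "set"):
            maps[t[3]][t[5]] = t[6]   # keys: "address", "peer", "transform-set"
        elif t[:2] == ["isakmp", "key"] and len(t) > 4:
            keyed.add(t[4])           # peer address that has a pre-shared key
    return acls, maps, keyed

def audit(config, ref_acl="100"):
    """Per crypto map sequence: peer, key present, ACL sources, entries absent from ref_acl."""
    acls, maps, keyed = parse(config)
    out = {}
    for seq, m in maps.items():
        entries = acls.get(m.get("address"), [])
        out[seq] = {"peer": m.get("peer"), "has_key": m.get("peer") in keyed,
                    "sources": sorted({src[0] for src, _ in entries}),
                    "unmatched": [e for e in entries if e not in acls.get(ref_acl, [])]}
    return out
```

Calling `audit(CONFIG)` shows that entries 20 and 30 mirror access-list 100 exactly, while all three entries of access-list 140 (entry 10) use source host 24.43.199.10 and have no counterpart in access-list 100.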
 
 
 

1. site to site VPN,first site is fine, the second one won't work!

2. Site to Site VPN OK Call Manager Express tftp issues over VPN ?

Hi All,

I have a Cisco pix 515 at head office, and an 1801 router at a remote
location.



At head office there is a Call Manager Express router, with a few phones
that register with the CME router ok. At the remote location I have a Cisco
IP plugged into the 1801 and it tries to register but fails, on cme I get
the following messages:



*Oct 4 13:54:03.282: %IPPHONE-6-REG_ALARM: Name=SEP000E386DCFEB Load=CP79050101SCCP030530B.zup Last=Initialized
*Oct 4 13:54:03.282: %IPPHONE-6-REGISTER: ephone-2:SEP000E386DCFEB IP:192.168.1.54 Socket:2 DeviceType:Phone has registered.
*Oct 4 13:54:04.304: %IPPHONE-6-UNREGISTER_ABNORMAL: ephone-2:SEP000E386DCFEB IP:192.168.1.54 Socket:2 DeviceType:Phone has unregistered abnormally.
cmerouter#



From the remote location I can ping the cme router and telnet to it on port
2000. I'm sure there is a multicast issue. I think tftp is timing out with
the ip phone?



Any help would be greatly appreciated.



Thanks,



Craig.
