Hello everyone. I have a problem with my HSRP VPN.
The network looks like this: https://imgur.com/a/WGYFx1j
My problem is that PC0 can ping PC1 but PC1 can't ping PC0.
I think it's a problem with the access list, but I wasn't able to figure it out.
Router0 and Router1 are configured the same way (except for their own IP addresses).
Router 0 config:
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key CISCO address 20.0.0.1
!
crypto ipsec transform-set VPN_TRANS esp-3des esp-md5-hmac
!
crypto map VPN_MAP 10 ipsec-isakmp
set peer 20.0.0.1
set transform-set VPN_TRANS
match address VPN_ACL
!
interface Loopback0
ip address 8.0.0.6 255.255.255.255
!
interface FastEthernet0/0
ip address 10.0.0.3 255.255.255.0
duplex auto
speed auto
standby 1 ip 10.0.0.1
standby 1 preempt
standby 1 name HSRP_1
crypto map VPN_MAP redundancy HSRP_1
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address 192.168.1.3 255.255.255.0
duplex auto
speed auto
standby 2 ip 192.168.1.1
standby 2 preempt
standby 2 name HSRP_2
!
interface Serial0/1
no ip address
shutdown
!
interface Serial0/2
no ip address
shutdown
!
interface Serial0/3
no ip address
shutdown
!
ip route 0.0.0.0 0.0.0.0 10.0.0.7
!
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface FastEthernet0/0 overload
!
ip access-list extended VPN_ACL
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Router 2 config:
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key CISCO address 10.0.0.1
!
crypto ipsec transform-set VPN_TRANS esp-3des esp-md5-hmac
!
crypto map VPN_MAP 10 ipsec-isakmp
set peer 10.0.0.1
set transform-set VPN_TRANS
match address VPN_ACL
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
no fair-queue
!
interface FastEthernet0/1
ip address 20.0.0.1 255.255.255.0
duplex auto
speed auto
crypto map VPN_MAP
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface Serial0/2
no ip address
shutdown
clock rate 2000000
!
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 20.0.0.7
!
!
ip nat inside source list 101 interface FastEthernet0/1 overload
!
!
ip access-list extended VPN_ACL
permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
Hope you can help me :)
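
A consistency check for the access-list suspicion raised in the post, as an added example that is not part of the original post: it parses the ACL lines copied from both configs and checks that the crypto ACLs are mirror images and that each protected flow reaches a `deny` in NAT list 101 before a `permit`. The function names, the simplified entry parser and the whole-subnet matching are assumptions of this example.

```python
import ipaddress
import re

# ACL lines copied from the Router 0 and Router 2 configs in the post.
ROUTER0 = """\
ip access-list extended VPN_ACL
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
"""
ROUTER2 = """\
ip access-list extended VPN_ACL
permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
"""
ENTRY = re.compile(r"(permit|deny) ip (any|\S+ \S+) (any|\S+ \S+)$")

def net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec.replace(" ", "/"))

def parse_acls(config):
    """Return {name: [(action, src, dst)]}; only 'any' / 'address wildcard' operands."""
    acls, current = {}, None
    for line in config.splitlines():
        named = re.match(r"ip access-list extended (\S+)$", line.strip())
        numbered = re.match(r"access-list (\d+) (.+)$", line.strip())
        if named:
            current = named.group(1)
            continue
        name, body = numbered.groups() if numbered else (current, line.strip())
        entry = ENTRY.match(body)
        if entry and name:
            action, src, dst = entry.groups()
            acls.setdefault(name, []).append((action, net(src), net(dst)))
        if numbered or not entry:
            current = None  # a global command ends named-ACL sub-mode
    return acls

def findings(local, remote, crypto="VPN_ACL", nat="101"):
    """Mirror-image check plus NAT exemption (first entry covering the flow wins)."""
    out, loc, rem = [], parse_acls(local), parse_acls(remote)
    if loc.get(crypto, []) != [(a, d, s) for a, s, d in rem.get(crypto, [])]:
        out.append("crypto ACLs are not mirror images")
    for side, acls in (("local", loc), ("remote", rem)):
        for action, src, dst in acls.get(crypto, []):
            hit = next((a for a, s, d in acls.get(nat, []) if src.subnet_of(s) and dst.subnet_of(d)), None)
            if action == "permit" and hit == "permit":
                out.append(f"{side}: {src} -> {dst} hits a NAT permit before any deny")
    return out
```

On the ACL lines as posted, `findings(ROUTER0, ROUTER2)` returns an empty list: the crypto ACLs mirror each other and list 101 exempts the tunnel traffic on both routers.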