Hi
I am pulling my hair out here :)
I have two Cisco small office ADSL routers, an 837 and an 877. The Cisco 837 router has been tested and works well with site-to-site IPsec VPN to other routers, but not the new 877 router I got.
Problem: the Cisco 877 is also able to establish IKE negotiation and successfully initiate IPsec, however there is no data going through it. It seems like some problem with the ACL and I desperately need help. Config for both routers is below. It definitely works for 827 and 837 routers, but I think I may be missing something because the IOS in the 877 router is new.
837 configuration
----------------------------------------
version: 12.3(2)XC2

crypto isakmp policy 140
 hash md5
 authentication pre-share
 lifetime 3600
crypto isakmp key 0 mysecretkey address 165.228.212.18
!
crypto ipsec transform-set allsites esp-des esp-md5-hmac
!
crypto map vpnmap 140 ipsec-isakmp
 set peer 165.228.212.18
 set security-association lifetime seconds 28800
 set transform-set allsites
 set pfs group1
 match address 140
!
interface Ethernet0
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface Dialer1
 ip address 203.142.244.16 255.255.255.0
 crypto map vpnmap
!
ip nat inside source list 102 interface Dialer1 overload
access-list 102 deny ip 192.168.3.0 0.0.0.255 192.168.190.0 0.0.0.255 log
access-list 102 permit ip 192.168.3.0 0.0.0.255 any
access-list 140 permit ip 192.168.3.0 0.0.0.255 192.168.190.0 0.0.0.255
dialer-list 1 protocol ip permit

877 configuration
----------------------------------------
version: 12.3(8r)YI2

crypto isakmp policy 140
 hash md5
 authentication pre-share
 lifetime 3600
crypto isakmp key 0 mysecretkey address 203.142.244.16
!
crypto ipsec transform-set allsites esp-des esp-md5-hmac
!
crypto map vpnmap 140 ipsec-isakmp
 set peer 203.142.244.16
 set security-association lifetime seconds 28800
 set transform-set allsites
 set pfs group1
 match address 140
!
interface Vlan1
 ip address 192.168.190.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface Dialer1
 ip address 165.228.212.18 255.255.255.0
 crypto map vpnmap
!
ip nat inside source list 102 interface Dialer1 overload
access-list 102 deny ip 192.168.190.0 0.0.0.255 192.168.3.0 0.0.0.255 log
access-list 102 permit ip 192.168.190.0 0.0.0.255 any
access-list 140 permit ip 192.168.190.0 0.0.0.255 192.168.3.0 0.0.0.255
dialer-list 1 protocol ip permit
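
An added example, not part of the original post: a Python check of the two ACL properties the post is asking about, namely that crypto ACL 140 on one router is the mirror image of the other's, and that NAT ACL 102 denies the tunnel traffic ahead of its permit entry. The access-list lines are copied from the two configurations above; the function names are illustrative, and the parser assumes only the `access-list N permit|deny ip ...` forms that appear in this post.

```python
import re
from itertools import takewhile

# ACL lines copied from the two configurations in the post.
CFG_837 = """\
access-list 102 deny ip 192.168.3.0 0.0.0.255 192.168.190.0 0.0.0.255 log
access-list 102 permit ip 192.168.3.0 0.0.0.255 any
access-list 140 permit ip 192.168.3.0 0.0.0.255 192.168.190.0 0.0.0.255
"""
CFG_877 = """\
access-list 102 deny ip 192.168.190.0 0.0.0.255 192.168.3.0 0.0.0.255 log
access-list 102 permit ip 192.168.190.0 0.0.0.255 any
access-list 140 permit ip 192.168.190.0 0.0.0.255 192.168.3.0 0.0.0.255
"""
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) ip (.+?)(?: log)?$")

def _endpoints(spec):
    """Split 'ADDR WILDCARD' / 'any' tokens into a (source, destination) pair."""
    tok, out = spec.split(), []
    while tok:
        n = 1 if tok[0] == "any" else 2
        out.append(" ".join(tok[:n]))
        tok = tok[n:]
    return tuple(out)

def parse_acls(config):
    """Map ACL number -> ordered list of (action, source, destination)."""
    acls = {}
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            src, dst = _endpoints(m.group(3))
            acls.setdefault(m.group(1), []).append((m.group(2), src, dst))
    return acls

def mirrored(cfg_a, cfg_b, acl="140"):
    """True if cfg_a's crypto ACL equals cfg_b's with source/destination swapped."""
    a = sorted(parse_acls(cfg_a).get(acl, []))
    b = sorted((act, d, s) for act, s, d in parse_acls(cfg_b).get(acl, []))
    return bool(a) and a == b

def nat_exempt(cfg, nat_acl="102", crypto_acl="140"):
    """True if every crypto-ACL permit is denied in the NAT ACL before its first permit."""
    acls = parse_acls(cfg)
    head = takewhile(lambda e: e[0] == "deny", acls.get(nat_acl, []))
    denied = {(s, d) for _, s, d in head}
    protected = [(s, d) for act, s, d in acls.get(crypto_acl, []) if act == "permit"]
    return bool(protected) and all(p in denied for p in protected)
```

Run against the lines as posted, `mirrored(CFG_837, CFG_877)` and `nat_exempt()` for each router all return True.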