Hi to all... I need a little help with a problem. My situation is as follows: there is a central office, with an ISA server that filters the internet traffic, and a branch office without a server. Due to a direct request of the factory owner, I need to use 2 Cisco 1801 with site-to-site VPN for connecting the offices. He also wants to use the same router for normal internet navigation on both sites.

On the main office I've configured the 1801 with the int Fast0 joined with the WLAN interfaces in a virtual bridge (BVI2 192.168.200.200/24), and the vlan1 (fast0-8) is alone in the BVI1 group (10.0.0.2/24). The BVI1 is connected to the external port of the ISA server (10.0.0.1/24), and uses NAT for a little DMZ. The BVI2 is connected to the local LAN (with the internal interface of ISA - 192.168.200.1), so that the WLAN traffic will pass the ISA rules. Really strange config, isn't it?

On the branch office, the 1801 is configured as internet gateway with NAT, and the traffic will not be filtered (int BVI1 192.168.201.200/24).

I've made a config with internet working, VPN site-to-site working, restrictive access lists, and so on, but I have a problem. To avoid adding a default gateway to all the clients on the main office (as the actual default gateway is the ISA server), on the internal LAN port of the ISA server I've made a static route with destination 192.168.201.x and gateway 192.168.200.200 for redirecting the traffic to the other side of the VPN. Now, all seems to work, pings are working, but when I launch (for example) a terminal session on a server on the other site (both sites), the connection is established, the terminal session will start, but the screen remains empty, and there is no further data traffic, and the connection will drop.

It seems that I've missed a route, but where? With tracert on a machine on the branch office to the ISA server I've discovered that the packets go to the destination: the first passage is the 1801, the second is null (* * *), and the third is the destination.

One thing that I notice is that pings on client machines on both sides are working, but from the routers I'm not able to ping any of the hosts placed on the other side of the VPN. Why?

Can someone help me? What am I missing? Thanks!