Configuring a VPN with Cisco router 827

I have some problems with the configuration of an IPsec VPN between a Cisco 827 router and a SonicWall 4060. The status of the tunnels is OK (IKE and IPsec), but the hosts don't communicate. The problem is probably the NAT or some access list; could someone help me?

Regards

This is the configuration:

---------------------------------------------------------------------------------------------------------------
Current configuration : 1762 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname testing
!
enable secret 5 $1$tCeE$HbJVPnsXI0t5yO/BzN.Zu/
!
no aaa new-model
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
crypto isakmp policy 15
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key 0 password address 83.97.195.248
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set strongsha esp-3des esp-sha-hmac
!
crypto map tosonicwall 15 ipsec-isakmp
 set peer 83.97.195.248
 set transform-set strongsha
 match address 115
!
interface Ethernet0
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
 no cdp enable
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address 217.127.73.218 255.255.255.192
 ip nat outside
 pvc 8/32
  encapsulation aal5snap
 !
 crypto map tosonicwall
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip nat inside source list 101 interface ATM0.1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
no ip http server
no ip http secure-server
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 115 permit ip 192.168.2.0 0.0.0.255 172.16.0.0 0.0.0.255
no cdp run
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password ---------
 login
!
scheduler max-task-time 5000
!
end

Reply to
Paybar

You may wish to investigate the following:

Cisco 827 Config Wizard: formatting link
Cisco 827 IPSec Configuration: formatting link
Cisco 827 GUI Config: formatting link
Cisco 827 Firewall IPSec Configuration: formatting link
Cisco 827 Business Configuration: formatting link
Cisco 827 Firewall PPTP Configuration: formatting link
Cisco 827 Firewall Configuration: formatting link
Cisco 827 Basic Configuration: formatting link

Hope this helps.

Brad Reese
BradReese.Com - Global Cisco Systems Pre-Sales Support
formatting link
Hendersonville Road, Suite 17, Asheville, North Carolina 28803
USA & Canada: 877-549-2680 International: 828-277-7272 Fax: 775-254-3558 AIM: R2MGrant
BradReese.Com - Cisco Technical Forums
formatting link

Reply to
www.BradReese.Com

"Paybar" wrote in message news: snipped-for-privacy@s13g2000cwa.googlegroups.com...

You need to remove your ACL 101 and modify it to deny NAT for the VPN tunnel traffic:

no access-list 101
! deny = do not translate; this entry mirrors crypto ACL 115 and must come before the permit
access-list 101 deny ip 192.168.2.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any

-Brian

Reply to
Brian V

Are there any matches showing against the access lists?

! 1. clear the access-list counters
clear access-list counters 101
clear access-list counters 115

! 2. send traffic over the tunnel

! 3. check for matches against the access lists
show access-list 101
show access-list 115

Reply to
Merv

Thanks for all your responses.

I have to try these changes. One more thing... How do I send all VPN traffic over the tunnel? Is it with a route-map, or is the deny in the ACL sufficient?

Regards

Merv wrote:

Reply to
Paybar

The crypto map tells it to send that traffic into the tunnel; you specify it in the "match address" statement.

The deny statement tells it not to NAT that specific traffic.

Reply to
Brian V
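To make the cause, the fix and Merv's counter check concrete, here is an added example (not code from the thread, from Cisco or from SonicWall): a small Python model of the IOS inside-to-outside order of operations, in which NAT inside-to-outside translation runs before the crypto map's "match address" check. It uses ACL 101 and ACL 115 as posted, Brian's corrected ACL 101, and the ATM0.1 address 217.127.73.218 as the overload (PAT) address; the two packets are constructed for illustration, and the per-entry hit counters mimic the "matches" column of "show access-list".

```python
"""Model of Cisco IOS inside-to-outside processing for the ACLs in this thread.

Added example, not code from the thread, from Cisco or from SonicWall.
Assumptions: ACL 101 / 115 as posted, 217.127.73.218 (ATM0.1) as the
overload address, and the order "NAT inside->outside, then crypto map
check" that Cisco documents for inside-to-outside traffic.
"""
import ipaddress
from dataclasses import dataclass

OUTSIDE_ADDR = "217.127.73.218"  # ATM0.1, target of 'ip nat ... overload'


@dataclass(frozen=True)
class Ace:
    """One 'access-list N permit|deny ip SRC WILD DST WILD' entry."""
    action: str      # "permit" or "deny"
    src: str         # network address or "any"
    src_wild: str    # IOS wildcard (inverse) mask
    dst: str
    dst_wild: str

    def matches(self, src_ip, dst_ip):
        return (_wild_match(src_ip, self.src, self.src_wild)
                and _wild_match(dst_ip, self.dst, self.dst_wild))


def _wild_match(ip, net, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    if net == "any":
        return True
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(net)) & care)


def _addr(tok, i):
    if tok[i] == "any":
        return "any", "255.255.255.255", i + 1
    return tok[i], tok[i + 1], i + 2


def parse_acl(lines):
    """Parse the extended-ACL forms used in the thread (numbered, 'ip', SRC WILD or 'any')."""
    aces = []
    for line in lines:
        tok = line.split()
        if tok[0] != "access-list" or tok[3] != "ip":
            raise ValueError("unsupported ACL line: " + line)
        src, src_wild, i = _addr(tok, 4)
        dst, dst_wild, _ = _addr(tok, i)
        aces.append(Ace(tok[2], src, src_wild, dst, dst_wild))
    return aces


def acl_permits(aces, src_ip, dst_ip, hits):
    """First-match lookup with the implicit deny; hits[] mirrors the
    per-entry '(N matches)' counters shown by 'show access-list'."""
    for idx, ace in enumerate(aces):
        if ace.matches(src_ip, dst_ip):
            hits[idx] += 1
            return ace.action == "permit"
    return False


def simulate(nat_acl_lines, crypto_acl_lines, packets):
    """Send packets from the LAN out through ATM0.1. Returns
    ([(src, dst, source_on_wire, encrypted)], nat_hits, crypto_hits)."""
    nat_acl, crypto_acl = parse_acl(nat_acl_lines), parse_acl(crypto_acl_lines)
    nat_hits, crypto_hits = [0] * len(nat_acl), [0] * len(crypto_acl)
    out = []
    for src, dst in packets:
        # Step 1: NAT inside->outside. A permit in the NAT source list means
        # "translate"; with overload the source becomes the ATM0.1 address.
        wire_src = OUTSIDE_ADDR if acl_permits(nat_acl, src, dst, nat_hits) else src
        # Step 2: the crypto map's 'match address' sees the packet *after* NAT.
        encrypted = acl_permits(crypto_acl, wire_src, dst, crypto_hits)
        out.append((src, dst, wire_src, encrypted))
    return out, nat_hits, crypto_hits


# ACL 101 exactly as posted: everything from the LAN is translated.
ORIGINAL_NAT_ACL = ["access-list 101 permit ip 192.168.2.0 0.0.0.255 any"]
# ACL 101 after Brian's fix: tunnel traffic exempted, everything else translated.
FIXED_NAT_ACL = [
    "access-list 101 deny ip 192.168.2.0 0.0.0.255 172.16.0.0 0.0.0.255",
    "access-list 101 permit ip 192.168.2.0 0.0.0.255 any",
]
# Crypto ACL 115, unchanged in both cases.
CRYPTO_ACL = ["access-list 115 permit ip 192.168.2.0 0.0.0.255 172.16.0.0 0.0.0.255"]
# Constructed traffic: one packet to the remote LAN, one to a public address (TEST-NET-2).
PACKETS = [("192.168.2.10", "172.16.0.20"), ("192.168.2.10", "198.51.100.1")]


def main():
    for label, nat_acl in (("original ACL 101", ORIGINAL_NAT_ACL), ("fixed ACL 101", FIXED_NAT_ACL)):
        results, nat_hits, crypto_hits = simulate(nat_acl, CRYPTO_ACL, PACKETS)
        print(f"== {label} ==")
        for src, dst, wire_src, enc in results:
            print(f"{src} -> {dst}: on the wire as {wire_src}, {'IPsec' if enc else 'CLEARTEXT'}")
        print(f"ACL 101 matches: {nat_hits}; ACL 115 matches: {crypto_hits}")


if __name__ == "__main__":
    main()
```

With the posted ACL 101, the packet for 172.16.0.20 is translated to 217.127.73.218 first, so it no longer matches ACL 115, leaves unencrypted along the default route, and ACL 115's counter never moves even though the SAs are up; that is exactly the picture Merv's clear/show sequence would reveal. With the deny entry in front of the permit, the packet keeps its 192.168.2.x source, matches ACL 115 and is encrypted, while Internet-bound traffic is still translated. The deny must precede the permit because the list is evaluated first match.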

Thanks Brian, tomorrow I will try these things.

Regards

Brian V wrote:

Reply to
Paybar

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.