File Shares & Site to Site VPN

Hello,

I have a site-to-site VPN. Here is the layout:

Internal | Cisco 1841 | T1 | Symantec Router | Branch Office

The VPN link establishes very well and I can ping the server in the branch office; however, I can't access the file shares on the branch server. I know I have access, so I am wondering if there is something I am missing?

Posted below is my configuration:

Using 6453 out of 196600 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname PMCGateway
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 51200 errors
logging console critical
enable secret 5 ...
enable password 7 ...
!
aaa new-model
!
!
aaa authentication login local_auth local
aaa authentication login china local
aaa authorization network china local
!
aaa session-id common
no ip source-route
no ip gratuitous-arps
ip cef
!
!
ip tcp synwait-time 10
ip tcp intercept connection-timeout 3600
ip tcp intercept watch-timeout 15
ip tcp intercept max-incomplete low 450
ip tcp intercept max-incomplete high 550
ip tcp intercept drop-mode random
!
!
no ip bootp server
no ip domain lookup
ip domain name sbspmc.local
ip name-server x.x.x.5
ip name-server x.x.x.2
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall ftp
ip inspect name firewall pptp
ip inspect name firewall smtp
ip inspect name firewall http
ip inspect name firewall isakmp
ip inspect name firewall dns
ip inspect name firewall icmp
ip ips sdf location flash://128MB.sdf
ip ips notify SDEE
ip ips name sdm_ips_rule
login block-for 10 attempts 10 within 10
!
!
!
username ...
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 500
crypto isakmp key ************** address 207.x.x.3
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to202.x.x.3
 set peer 202.x.x.3
 set transform-set ESP-3DES-SHA
 match address 102
!
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description $FW_INSIDE$$ETH-LAN$
 ip address x.x.x.1 255.255.224.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 speed auto
 half-duplex
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation frame-relay IETF
 ip route-cache flow
 no ip mroute-cache
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
!
interface Serial0/0/0.1 point-to-point
 description $FW_OUTSIDE$
 bandwidth 1536
 ip address 207.x.x.89 255.255.248.0
 ip access-group 101 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect firewall in
 ip inspect firewall out
 ip ips sdm_ips_rule in
 ip ips sdm_ips_rule out
 ip virtual-reassembly
 no cdp enable
 frame-relay interface-dlci 16
 crypto map SDM_CMAP_1
!
ip route 0.0.0.0 0.0.0.0 207.x.x.1
!
!
ip http server
ip http access-class 2
no ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Serial0/0/0.1 overload
ip nat inside source static tcp x.x.x.3 80 interface Serial0/0/0.1 80
ip nat inside source static tcp x.x.x.3 20 interface Serial0/0/0.1 20
ip nat inside source static tcp x.x.x.3 21 interface Serial0/0/0.1 21
ip nat inside source static tcp x.x.x.9 1723 interface Serial0/0/0.1 1723
ip nat inside source static tcp x.x.x.4 3389 interface Serial0/0/0.1 3389
ip nat inside source static tcp x.x.x.13 25 interface Serial0/0/0.1 25
ip nat inside source static tcp x.x.x.3 110 interface Serial0/0/0.1 110
!
!
logging trap debugging
logging facility local2
logging 172.16.32.5
access-list 1 remark SDM_ACL Category=16
access-list 1 permit x.x.x.0 0.0.31.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit x.x.x.0 0.0.31.255
access-list 2 deny any
access-list 100 permit udp any any eq bootpc
access-list 101 permit tcp any host x.x.x.89 eq www
access-list 101 permit tcp any host x.x.x.89 eq ftp
access-list 101 permit tcp any host x.x.x.89 eq ftp-data
access-list 101 permit tcp any host x.x.x.89 eq pop3
access-list 101 permit tcp any host x.x.x.89 eq smtp
access-list 101 permit tcp any host x.x.x.89 eq 3389
access-list 101 permit tcp any host x.x.x.89 eq domain
access-list 101 permit tcp any host x.x.x.89 eq echo
access-list 101 permit udp any host x.x.x.89 eq domain
access-list 101 permit udp any host x.x.x.89 eq isakmp
access-list 101 permit icmp any host x.x.x.89 echo
access-list 101 permit icmp any host x.x.x.89 echo-reply
access-list 101 permit tcp any host x.x.x.89 eq 1723
access-list 101 permit gre any host x.x.x.89
access-list 101 permit udp any host x.x.x.89 eq non500-isakmp
access-list 101 permit ahp any host x.x.x.89
access-list 101 permit esp any host x.x.x.89
access-list 101 permit tcp any host x.x.x.89 range 20481 20485
access-list 101 permit udp any host x.x.x.89 eq 1804
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip x.x.x.0 0.0.31.255 x.x.x.0 0.0.31.255
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 deny ip x.x.x.0 0.0.31.255 x.x.x.0 0.0.31.255
access-list 103 permit ip x.x.x.0 0.0.31.255 any
access-list 105 remark VTY Access-class list
access-list 105 remark SDM_ACL Category=1
access-list 105 permit ip x.x.x.0 0.0.31.255 any
access-list 105 deny ip any any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
route-map SDM_RMAP_1 permit 1
 match ip address 103
!
!
!
!
control-plane
!
!
banner login ^C Welcome^C
banner motd ^CWelcome^C
!
line con 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output none
line vty 0 4
 access-class 105 in
 privilege level 15
 password 7 ...
 login authentication local_auth
 transport input telnet
!
scheduler allocate 20000 1000
end
robertm