VPN Traffic going to all clients but not to server on one end

I have been working with these two 1800 series routers trying to set up a DMVPN and I am having trouble with only one end. The spoke end has a server in it that I have NAT entries for. It is our email server and web server. Its address is 10.0.0.20. When the tunnel comes up it loads all the OSPF routing tables and clients can ping between each other on both ends, but when a client from the "LC-BOTH-R1" side tries to access the server on the "LC-FLOR-R1" side it times out. When pinging from the router "LC-BOTH-R1" it will talk to 10.0.0.20, but this is the only case for remote connectivity.

Please help! I am posting the full configs below.

Thanks,

Adam Walters

******** Hub Router *****************************************

Current configuration : 3132 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LC-BOTH-R1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable password 7 XXXXXXXXXXXXX
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
!
!
ip cef
!
!
no ip domain lookup
ip inspect name in2out rcmd
ip inspect name in2out ftp
ip inspect name in2out tftp
ip inspect name in2out tcp timeout 43200
ip inspect name in2out http
ip inspect name in2out udp
ip inspect name in2out icmp
!
!
!
username XXXXXXXXXXXXX password 7 XXXXXXXXXXXXXXXXXXXX
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key XXXXXXXXXX address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA
!
!
!
!
!
interface Tunnel0
 description VPN
 bandwidth 1000
 ip address 10.99.99.1 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication DMVPN_NW
 ip nhrp map multicast dynamic
 ip nhrp network-id 100000
 ip nhrp holdtime 360
 no ip route-cache cef
 no ip route-cache
 ip ospf network broadcast
 ip ospf priority 2
 delay 1000
 tunnel source FastEthernet0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile SDM_Profile1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0
 description WAN
 ip address XXX.XXX.XXX.XXX 255.255.255.0
 ip access-group 100 in
 ip nat outside
 ip inspect in2out out
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description LAN
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Async1
 no ip address
 encapsulation slip
!
router ospf 1
 log-adjacency-changes
 network 1.1.1.0 0.0.0.255 area 0
 network 10.0.1.0 0.0.0.255 area 0
 network 10.99.99.0 0.0.0.255 area 0
!
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX
!
!
ip http server
no ip http secure-server
ip nat inside source static tcp 10.0.1.1 23 interface FastEthernet0 23
ip nat inside source route-map nonat interface FastEthernet0 overload
ip nat inside source static tcp 10.0.1.21 3389 interface FastEthernet0 3389
!
access-list 100 permit udp any host XXX.XXX.XXX.XXX eq isakmp
access-list 100 permit esp any host XXX.XXX.XXX.XXX
access-list 100 permit gre any host XXX.XXX.XXX.XXX
access-list 100 deny ip any any
access-list 110 deny ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 110 permit ip 10.0.1.0 0.0.0.255 any
!
!
!
route-map nonat permit 10
 match ip address 110
!
!
!
!
control-plane
!
!
line con 0
 logging synchronous
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 password 7 XXXXXXXXXXXXXXXXXXXXXXXXX
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

************************ Spoke Router ***********************************

Current configuration : 4210 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LC-FLOR-R1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXx
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
!
!
ip cef
!
!
no ip domain lookup
ip inspect name in2out rcmd
ip inspect name in2out ftp
ip inspect name in2out tftp
ip inspect name in2out tcp timeout 43200
ip inspect name in2out http
ip inspect name in2out udp
ip inspect name in2out icmp
!
!
!
username XXXXXXXXXXXXXX password 7 XXXXXXXXXXXXXXXXXXXX
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key XXXXXXXXXXXXXXX address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA
!
!
!
!
!
interface Tunnel0
 description VPN
 bandwidth 1000
 ip address 10.99.99.2 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication DMVPN_NW
 ip nhrp map multicast dynamic
 ip nhrp map 10.99.99.1 XXX.XXX.XXX.XXX
 ip nhrp map multicast XXX.XXX.XXX.XXX
 ip nhrp network-id 100000
 ip nhrp holdtime 360
 ip nhrp nhs 10.99.99.1
 ip ospf network broadcast
 ip ospf priority 0
 delay 1000
 tunnel source FastEthernet0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile SDM_Profile1
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0
 description WAN
 ip address XXX.XXX.XXX.XXX 255.255.255.0
 ip access-group 100 in
 ip nat outside
 ip inspect in2out out
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description LAN
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Async1
 no ip address
 encapsulation slip
!
router ospf 1
 log-adjacency-changes
 redistribute connected
 network 2.2.2.0 0.0.0.255 area 0
 network 10.0.0.0 0.0.0.255 area 0
 network 10.99.99.0 0.0.0.255 area 0
!
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX
!
!
ip http server
no ip http secure-server
ip nat inside source static tcp 10.0.0.20 3389 interface FastEthernet0 3389
ip nat inside source static tcp 10.0.0.20 80 interface FastEthernet0 80
ip nat inside source static tcp 10.0.0.20 25 interface FastEthernet0 25
ip nat inside source route-map nonat interface FastEthernet0 overload
!
!
access-list 100 permit udp any host XXX.XXX.XXX.XXX eq isakmp
access-list 100 permit esp any host XXX.XXX.XXX.XXX
access-list 100 permit gre any host XXX.XXX.XXX.XXX
access-list 100 permit tcp host XXX.XXX.XXX.XXX any eq smtp
access-list 100 permit tcp host XXX.XXX.XXX.XXX any eq smtp
access-list 100 permit tcp host XXX.XXX.XXX.XXX any eq smtp
access-list 100 permit tcp host XXX.XXX.XXX.XXX any eq smtp
access-list 100 permit tcp host XXX.XXX.XXX.XXX any eq smtp
access-list 100 permit tcp host XXX.XXX.XXX.XXX any eq smtp
access-list 100 permit tcp host XXX.XXX.XXX.XXX any eq smtp
access-list 100 deny tcp any any eq smtp
access-list 100 permit tcp any any
access-list 100 permit ip any any
access-list 100 permit udp any any
access-list 100 deny ip any any
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
!
!
!
route-map nonat permit 10
 match ip address 110
!
!
!
!
control-plane
!
!
line con 0
 logging synchronous
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 password 7 XXXXXXXXXXXXXXXXXXX
 transport input telnet
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end