- Posts: 3
- Thank you received: 0
I set up a Site to Site VPN but can not get traffic to go th
14 years 11 months ago #32904
by jrecho
No ping from one side to the other nothing. I see the tunnel up but I get this error when I try to ping
I get in Site B this error
3 Dec 02 2009 16:17:38 305005 10.10.20.55 No translation group found for icmp src outside:10.10.10.157 dst Inside:10.10.20.55 (type 8, code 0)
Here is the config
Site A
Public 196.XXX.XXX.XXX
inside 10.10.10.0/24
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 1
lifetime 28800
access-list REMOTE_SITE ex permit ip 10.10.10.0 255.255.255.0 10.10.20.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 82.XXX.XXX.XXX
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface Outside
nat (inside) 0 access-list REMOTE_SITE
tunnel-group 82.XXX.XXX.XXX type ipsec-l2l
tunnel-group 82.XXX.XXX.XXX ipsec-attributes
pre-shared-key ***
SiteB
Public
82.XXX.XXX.XXX
Inside: 10.10.20.0/24
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 1
lifetime 28800
access-list REMOTE_SITE ex permit ip 10.10.20.0 255.255.255.0 10.10.10.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 196.XXX.XXX.XXX
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface outside
nat (inside) 0 access-list REMOTE_SITE
tunnel-group 196.XXX.XXX.XXX type ipsec-l2l
tunnel-group 196.XXX.XXX.XXX ipsec-attributes
An
I get in Site B this error
3 Dec 02 2009 16:17:38 305005 10.10.20.55 No translation group found for icmp src outside:10.10.10.157 dst Inside:10.10.20.55 (type 8, code 0)
Here is the config
Site A
Public 196.XXX.XXX.XXX
inside 10.10.10.0/24
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 1
lifetime 28800
access-list REMOTE_SITE ex permit ip 10.10.10.0 255.255.255.0 10.10.20.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 82.XXX.XXX.XXX
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface Outside
nat (inside) 0 access-list REMOTE_SITE
tunnel-group 82.XXX.XXX.XXX type ipsec-l2l
tunnel-group 82.XXX.XXX.XXX ipsec-attributes
pre-shared-key ***
SiteB
Public
82.XXX.XXX.XXX
Inside: 10.10.20.0/24
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 1
lifetime 28800
access-list REMOTE_SITE ex permit ip 10.10.20.0 255.255.255.0 10.10.10.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 196.XXX.XXX.XXX
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface outside
nat (inside) 0 access-list REMOTE_SITE
tunnel-group 196.XXX.XXX.XXX type ipsec-l2l
tunnel-group 196.XXX.XXX.XXX ipsec-attributes
An
14 years 11 months ago #32946
by sys-halt
Replied by sys-halt on topic Re: I set up a Site to Site VPN but can not get traffic to go th
Please provide us with your complete configuration file and mask out any confidential IP addresses and passwords or the like.
good luck
good luck
Time to create page: 0.112 seconds