Skip to main content

I set up a Site to Site VPN but can not get traffic to go th

More
15 years 2 weeks ago #32904 by jrecho
No ping from one side to the other nothing. I see the tunnel up but I get this error when I try to ping
I get in Site B this error
3 Dec 02 2009 16:17:38 305005 10.10.20.55 No translation group found for icmp src outside:10.10.10.157 dst Inside:10.10.20.55 (type 8, code 0)


Here is the config
Site A
Public 196.XXX.XXX.XXX
inside 10.10.10.0/24
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 1
lifetime 28800
access-list REMOTE_SITE ex permit ip 10.10.10.0 255.255.255.0 10.10.20.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 82.XXX.XXX.XXX
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface Outside
nat (inside) 0 access-list REMOTE_SITE
tunnel-group 82.XXX.XXX.XXX type ipsec-l2l
tunnel-group 82.XXX.XXX.XXX ipsec-attributes
pre-shared-key ***

SiteB
Public
82.XXX.XXX.XXX
Inside: 10.10.20.0/24

crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 1
lifetime 28800
access-list REMOTE_SITE ex permit ip 10.10.20.0 255.255.255.0 10.10.10.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 196.XXX.XXX.XXX
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface outside
nat (inside) 0 access-list REMOTE_SITE
tunnel-group 196.XXX.XXX.XXX type ipsec-l2l
tunnel-group 196.XXX.XXX.XXX ipsec-attributes


An
More
15 years 2 weeks ago #32946 by sys-halt
Please provide us with your complete configuration file and mask out any confidential IP addresses and passwords or the like.

good luck
Time to create page: 0.113 seconds