[c-nsp] Simple Cisco 837-828 IPSEC Tunnel
Skeeve Stevens
skeeve at skeeve.org
Tue Jul 19 04:30:44 EDT 2005
Does anyone know of any config examples of a IPSEC Tunnel using 3DES from a
837 to an 828 with NAT on both sides.
I think I have correct with the correct IOS, but there seems to be some
problems with stability on the 837 with this error:
*Mar 1 01:36:42.671: NAT*: Can't create new inside entry -
forced_punt_flags: 0 which seems to be that the nat entries are
exhausting.. No idea.
And even a ping from a PC behind the NAT is extremely unreliable
This seems ok for general nat.
ip nat inside source list 11 interface Dialer1 overload
access-list 11 permit ip 192.168.1.0 0.0.0.255
This is quite broken and unreliable
ip nat inside source list 160 interface Dialer1 overload
access-list 160 deny ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255 log
access-list 160 permit ip 192.168.1.0 0.0.0.255 any log
837: 12.3 (3des)
828: 12.2 (3des)
_______________________________________________________
Skeeve Stevens, RHCE Email: skeeve at skeeve.org
Website: www.skeeve.org - Telephone: (0414) 753 383
Address: P.O Box 1035, Epping, NSW, 1710, Australia
eIntellego - skeeve at eintellego.net - www.eintellego.net
_______________________________________________________
I'm a groove licked love child king of the verse
Si vis pacem, para bellum
========================================================================
iBurst Wireless Broadband from $34.95/month www.platformnetworks.net
Forward undetected SPAM to: spam at mailsecurity.net.au
========================================================================
More information about the cisco-nsp
mailing list