VPN loop problem

andrew005
Level 1

I have the following task: to configure a site-to-site VPN with encryption algorithm AES, hashing algorithm SHA, and Diffie-Hellman group number 2. I entered the following commands:

Router0

Router>
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#crypto isakmp enable
Router(config)#crypto isakmp policy 100
Router(config-isakmp)#encr aes
Router(config-isakmp)#hash sha
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#group 2
Router(config-isakmp)#ex
Router(config)#crypto isakmp key cisco123 address 22.22.22.2
Router(config)#crypto ipsec transform-set R0 esp-aes esp-sha-hmac
Router(config)#crypto map R0MAP 100 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
Router(config-crypto-map)#set peer 22.22.22.2
Router(config-crypto-map)#set transform-set R0
Router(config-crypto-map)#match address 151
Router(config-crypto-map)#ex
Router(config)#int fa0/0
Router(config-if)#ip access-group 101 in
Router(config-if)#crypto map R0MAP
*Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Router(config-if)#ex
Router(config)#access-list 101 permit ahp host 22.22.22.1 host 22.22.22.2
Router(config)#access-list 101 permit esp host 22.22.22.1 host 22.22.22.2
Router(config)#access-list 101 permit udp host 22.22.22.1 host 22.22.22.2 eq isakmp
Router(config)#access-list 101 permit icmp host 22.22.22.1 host 22.22.22.2 echo
Router(config)#access-list 151 permit ip 192.168.8.0 0.0.0.255 172.32.32.0 0.0.0.255
Router(config)#access-list 151 deny ip any any
Router(config)#ex
Router#

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#crypto isakmp enable
Router(config)#crypto isakmp policy 100
Router(config-isakmp)#encr aes
Router(config-isakmp)#hash sha
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#group 2
Router(config-isakmp)#crypto isakmp key cisco123 address 22.22.22.1
Router(config)#crypto ipsec transform-set R1 esp-aes esp-sha-hmac
Router(config)#crypto map R1MAP 100 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
Router(config-crypto-map)#set peer 22.22.22.1
Router(config-crypto-map)#set transform-set R1
Router(config-crypto-map)#match address 151
Router(config-crypto-map)#ex
Router(config)#int fa0/0
Router(config-if)#ip access-group 101 in
Router(config-if)#crypto map R1MAP
*Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Router(config-if)#ex
Router(config)#access-list 101 permit ahp host 22.22.22.2 host 22.22.22.1
Router(config)#access-list 101 permit esp host 22.22.22.2 host 22.22.22.1
Router(config)#access-list 101 permit udp host 22.22.22.2 host 22.22.22.1 eq isakmp
Router(config)#access-list 101 permit icmp host 22.22.22.2 host 22.22.22.1 echo
Router(config)#access-list 151 permit ip 172.32.32.0 0.0.0.255 192.168.8.0 0.0.0.255
Router(config)#access-list 151 deny ip any any
Router(config)#ex


For some reason, packets are looping between routers. I am adding a diagram. Help solve the problem. I would be grateful for the commands to enter and the updated diagram.
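
An added example, not part of the original post and not Cisco code: a Python check that the two posted configurations agree on the settings both IPsec peers have to share (ISAKMP policy, pre-shared key, transform set) and that the crypto ACLs 151 are mirror images. It does not diagnose the loop; the config text is the post's tunnel commands with prompts removed, and `TEMPLATE`, `parse` and `check` are hypothetical names.

```python
# The post's tunnel commands, prompts stripped; only the per-router values are parameters.
TEMPLATE = """crypto isakmp policy 100
encr aes
hash sha
authentication pre-share
group 2
crypto isakmp key cisco123 address {peer}
crypto ipsec transform-set {name} esp-aes esp-sha-hmac
crypto map {name}MAP 100 ipsec-isakmp
set peer {peer}
set transform-set {name}
match address 151
access-list 151 permit ip {local} 0.0.0.255 {remote} 0.0.0.255
access-list 151 deny ip any any"""
R0 = TEMPLATE.format(name="R0", peer="22.22.22.2", local="192.168.8.0", remote="172.32.32.0")
R1 = TEMPLATE.format(name="R1", peer="22.22.22.1", local="172.32.32.0", remote="192.168.8.0")

def parse(text):
    """Pull out the settings that both IPsec peers have to agree on."""
    c = {"policy": {}, "acl": []}
    for line in text.splitlines():
        w = line.split() or [""]
        if w[0] in ("encr", "hash", "authentication", "group"):
            c["policy"][w[0]] = w[1]
        elif w[:3] == ["crypto", "isakmp", "key"]:
            c["psk"], c["key_peer"] = w[3], w[5]
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            c["transforms"] = set(w[4:])
        elif w[:2] == ["set", "peer"]:
            c["map_peer"] = w[2]
        elif w[:2] == ["match", "address"]:
            c["match"] = w[2]
        elif w[0] == "access-list" and w[2:4] == ["permit", "ip"]:
            c["acl"].append((w[1], tuple(w[4:6]), tuple(w[6:8])))
    return c

def check(a, b):
    """Return the mismatches between two parsed peers (empty list = consistent)."""
    issues = []
    for field in ("policy", "psk", "transforms"):
        if a[field] != b[field]:
            issues.append(f"{field} differs")
    for name, c in (("A", a), ("B", b)):
        if c["key_peer"] != c["map_peer"]:
            issues.append(f"{name}: pre-shared key address is not the crypto map peer")
    crypto = lambda c: {(s, d) for n, s, d in c["acl"] if n == c["match"]}
    if crypto(a) != {(d, s) for s, d in crypto(b)}:
        issues.append("crypto ACLs are not mirror images")
    return issues
```

`check(parse(R0), parse(R1))` returns an empty list for the configuration as posted, so these tunnel parameters are consistent between the two routers.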

1 accepted solution

andrew005
Level 1

Already solved