06-24-2006 08:15 AM - edited 02-21-2020 01:00 AM
i couldn't establish tunnel between VPN 3000 & cisco 2811 router. here config for 2811. pls suugest wht else to be done..
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address xx.xx.xx.xx
!
!
crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac
!
crypto map to_vpn 10 ipsec-isakmp
set peer xx.xx.xx.xx
set transform-set to_vpn
match address 101
!
!
!
!
!
interface GigabitEthernet0/0
ip address xx.xx.xx.xx 255.255.255.248
ip nat outside
no ip virtual-reassembly
duplex half
speed auto
crypto map to_vpn
!
interface GigabitEthernet0/1
ip address 10.1.1.1 255.255.255.0
ip nat inside
no ip virtual-reassembly
duplex half
speed auto
!
interface GigabitEthernet0/1.1
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/1.10
ip nat inside
ip virtual-reassembly
!
!
!
!
ip http server
no ip http secure-server
ip nat inside source route-map nonat pool mypool overload
!
access-list 101 permit ip 10.78.0.0 0.0.255.255 10.23.0.0 0.0.255.255
access-list 101 permit ip 10.78.0.0 0.0.255.255 10.26.1.0 0.0.0.255
access-list 110 deny ip 10.78.0.0 0.0.255.255 10.23.0.0 0.0.255.255
access-list 110 deny ip 10.78.0.0 0.0.255.255 10.26.1.0 0.0.0.255
access-list 110 permit ip 10.78.0.0 0.0.255.255 any
!
!
!
route-map nonat permit 10
match ip address 110
!
06-25-2006 11:39 AM
Hi,
It seems that your IOS config. is correct, anyway, you need to make sure for the following at you concentrator according to the IOS config:
- Preshared Key
- Authentication: ESP/MD5/HMAC-128
- Enc. 3des
- IKE Proposal: IKE-3DES-MD5
- and the most important thing, that the local network is 10.23.0.0 and 10.23.0.0 0.0.255.255
- and also the remote network must be 10.78.0.0 0.0.255.255
These network list must be identical btw. the IOS and also the concentrator.
If you checked that the mentioned notes were done at the VPN conc. you can see the VPN log file or by issuing debug crypto isakmp and also debug crypto ipsec to exactly determine the problem.
I hope this will help you, and you can paste the IOS debug messages and also your VPN logs in order to help you.
Plz. rate if it does!
Thanks
abd Alqader
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide