Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

VPN configuration on cisco 1941

Zigmunds Vitins
Level 1
Level 1

‎04-27-2010 07:35 AM

Hi all,

first time I try to create VPN between two Cisco routers, but unsuccessfully.

I have Cisco1941 and Cisco 2811, configuration on my 1941 router are:

router#sh run
Building configuration...

Current configuration : 5601 bytes
!
! Last configuration change at 17:01:49 PCTime Tue Apr 27 2010 by admin
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
!
aaa new-model
!
!
aaa authentication login exvpnxauth local
aaa authorization network ezvpnnetwork local
!
!
aaa session-id common
!
no ipv6 cef
no ip source-route
ip cef
!
!
no ip bootp server
!
multilink bundle-name authenticated
!
!
redundancy
!
!
ip tcp synwait-time 10
ip ssh version 2
no ip rcmd domain-lookup
!
!
crypto isakmp policy 5
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key vpnpassword address 2.3.4.5
!
!
crypto ipsec transform-set STRONG esp-3des esp-sha-hmac
!
crypto map Cisco-vpn 10 ipsec-isakmp
set peer 2.3.4.5
set transform-set STRONG
set pfs group2
match address 122
!
!
interface Loopback0
ip address 20.20.20.20 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
!
interface GigabitEthernet0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 570
ip address 2.2.2.2 255.255.255.248
ip access-group 110 in
ip nat outside
ip virtual-reassembly
no cdp enable
crypto map Cisco-vpn
!
interface GigabitEthernet0/1
description internal-net
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
!
ip forward-protocol nd
!
ip nat inside source static 10.10.10.2 2.2.2.3
ip route 0.0.0.0 0.0.0.0 2.2.2.1
!
logging trap debugging
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 10 permit 10.10.10.2
access-list 10 deny   any
access-list 110 permit tcp any any established
access-list 110 permit icmp any any
access-list 110 permit ip 10.10.10.0 0.0.0.255 any
access-list 110 permit tcp host 2.3.4.5 host 2.2.2.2
access-list 110 permit udp any any
access-list 110 permit gre any any
access-list 122 permit ip 10.10.10.0 0.0.0.255 10.3.0.0 0.0.255.255
!
no cdp run

!
!
!
!
!
control-plane
!
!
!

Whats is wrong in this config?

In logs I can not see any error about VPN.

Thanks.

1 person had this problem
Labels:
0 Helpful
Who Me Too'd this topic