08-31-2012 08:17 AM - edited 03-04-2019 05:26 PM
Peace.
I'm trying to do vpn between two routers.
The first router model 1841
His dial settings is like this:
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto map hakim_to_yoni 10 ipsec-isakmp
set peer 81.218.161.32
set transform-set hakim_to_yoni
match address 101
!
interface FastEthernet0/1.200
ip mtu 1300
crypto map hakim_to_yoni
!
crypto map yoni_to_hakim 10 ipsec-isakmp
set peer 82.80.137.216
set transform-set yoni_to_hakim
match address 101
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key 6 cisco address 81.218.161.32
crypto ipsec transform-set hakim_to_yoni esp-aes esp-sha-hmac
crypto map hakim_to_yoni 10 ipsec-isakmp
set peer 81.218.161.32
set transform-set hakim_to_yoni
match address 101
!
interface FastEthernet0/1.200
ip mtu 1300
crypto map hakim_to_yoni
!
access-list 101 permit ip 10.80.5.0 0.0.0.255 192.168.185.0 0.0.0.25
my other is model c850
crypto isakmp key 6 cisco address 82.80.137.216
crypto ipsec transform-set yoni_to_hakim esp-aes esp-sha-hmac
crypto map yoni_to_hakim 10 ipsec-isakmp
set peer 82.80.137.216
set transform-set yoni_to_hakim
match address 101
!
interface Tunnel40
ip address 192.168.205.1 255.255.255.0
crypto map yoni_to_hakim
!
access-list 101 permit ip 192.168.185.0 0.0.0.255 192.168.205.0 0.0.0.255
when i do:
show crypto session
Interface: FastEthernet0/1.200
Session status: DOWN
Peer: 81.218.161.32 port 500
IPSEC FLOW: permit ip 192.168.205.0/255.255.255.0 192.168.185.0/255.255.255.0
Active SAs: 0, origin: crypto map
IPSEC FLOW: permit ip 10.80.5.0/255.255.255.0 192.168.185.0/255.255.255.0
Active SAs: 0, origin: crypto map
Interface: FastEthernet0/1.200
Session status: DOWN
Peer: 81.218.161.32 port 500
IPSEC FLOW: permit ip 192.168.205.0/255.255.255.0 192.168.185.0/255.255.255.0
Active SAs: 0, origin: crypto map
IPSEC FLOW: permit ip 10.80.5.0/255.255.255.0 192.168.185.0/255.255.255.0
Active SAs: 0, origin: crypto map
08-31-2012 09:31 AM
On your second router, you have the crypto map on a tunnel-interface. Where does this tunnel go to? Or have you modified your config too much before posting here?
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
08-31-2012 09:45 AM
yes, i have tuneel with this settings:
interface Tunnel40
crypto map yoni_to_hakim
!
08-31-2012 09:52 AM
What's the destination and the purpose of that tunnel? The tunnel doesn't have a complete config and can't work.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
08-31-2012 09:55 AM
sorry, this is the full config
interface Tunnel40
ip address 192.168.205.2 255.255.255.0
no ip redirects
ip mtu 1300
tunnel source BVI1
tunnel mode gre multipoint
crypto map yoni_to_hakim
!
08-31-2012 10:16 AM
That doesn't make any sense to me. Please describe what you want to achieve and include a deteiled drawing of your setup.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
08-31-2012 10:20 AM
can i get your email ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide