2 routers vpn

benhakim10 · ‎08-31-2012

Peace.

I'm trying to do vpn between two routers.

The first router model 1841

His dial settings is like this:

crypto isakmp policy 1

encr aes

authentication pre-share

group 2

!

crypto map hakim_to_yoni 10 ipsec-isakmp

set peer 81.218.161.32

set transform-set hakim_to_yoni

match address 101

!

interface FastEthernet0/1.200

ip mtu 1300

crypto map hakim_to_yoni

!

crypto map yoni_to_hakim 10 ipsec-isakmp

set peer 82.80.137.216

set transform-set yoni_to_hakim

match address 101

!

crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!

crypto isakmp key 6 cisco address 81.218.161.32

crypto ipsec transform-set hakim_to_yoni esp-aes esp-sha-hmac

crypto map hakim_to_yoni 10 ipsec-isakmp
set peer 81.218.161.32
set transform-set hakim_to_yoni
match address 101
!

interface FastEthernet0/1.200
ip mtu 1300
crypto map hakim_to_yoni
!

access-list 101 permit ip 10.80.5.0 0.0.0.255 192.168.185.0 0.0.0.25

my other is model c850

crypto isakmp key 6 cisco address 82.80.137.216

crypto ipsec transform-set yoni_to_hakim esp-aes esp-sha-hmac

crypto map yoni_to_hakim 10 ipsec-isakmp

set peer 82.80.137.216

set transform-set yoni_to_hakim

match address 101

!

interface Tunnel40

ip address 192.168.205.1 255.255.255.0

crypto map yoni_to_hakim

!

access-list 101 permit ip 192.168.185.0 0.0.0.255 192.168.205.0 0.0.0.255

when i do:

show crypto session

Interface: FastEthernet0/1.200

Session status: DOWN

Peer: 81.218.161.32 port 500

IPSEC FLOW: permit ip 192.168.205.0/255.255.255.0 192.168.185.0/255.255.255.0

Active SAs: 0, origin: crypto map

IPSEC FLOW: permit ip 10.80.5.0/255.255.255.0 192.168.185.0/255.255.255.0

Active SAs: 0, origin: crypto map

Interface: FastEthernet0/1.200

Session status: DOWN

Peer: 81.218.161.32 port 500

IPSEC FLOW: permit ip 192.168.205.0/255.255.255.0 192.168.185.0/255.255.255.0

Active SAs: 0, origin: crypto map

IPSEC FLOW: permit ip 10.80.5.0/255.255.255.0 192.168.185.0/255.255.255.0

Active SAs: 0, origin: crypto map

Karsten Iwen · ‎08-31-2012

On your second router, you have the crypto map on a tunnel-interface. Where does this tunnel go to? Or have you modified your config too much before posting here?

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

benhakim10 · ‎08-31-2012

yes, i have tuneel with this settings:

interface Tunnel40

crypto map yoni_to_hakim

!

Karsten Iwen · ‎08-31-2012

What's the destination and the purpose of that tunnel? The tunnel doesn't have a complete config and can't work.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

benhakim10 · ‎08-31-2012

sorry, this is the full config

interface Tunnel40

ip address 192.168.205.2 255.255.255.0

no ip redirects

ip mtu 1300

tunnel source BVI1

tunnel mode gre multipoint

crypto map yoni_to_hakim

!

Karsten Iwen · ‎08-31-2012

That doesn't make any sense to me. Please describe what you want to achieve and include a deteiled drawing of your setup.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

benhakim10 · ‎08-31-2012

can i get your email ?