Cisco VPN connectivity b/w 2801 and 1841

noorudden
Level 1

Hello,

After configuring two routers in order to set up a VPN, the command show crypto isakmp sa shows nothing. Please help, what am I missing?

hostname R1-2801
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$dbvq$s4Mk.nyB4nIhOC7wQqji.1
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key 6 vpnkey address 192.168.1.12
!
!
crypto ipsec transform-set vpnset esp-aes esp-sha-hmac
!
crypto map vpnset 10 ipsec-isakmp
 set peer 192.168.1.12
 set transform-set vpnset
 match address 100
!
!
!
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.11 255.255.255.0
 duplex auto
 speed auto
 crypto map vpnset
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end

 

 

hostname R2-1841
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
controller E1 0/0/0
!
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key 6 vpnkey address 192.168.1.11
!
!
crypto ipsec transform-set vpnset esp-aes esp-sha-hmac
!
crypto map vpnset 10 ipsec-isakmp
 set peer 192.168.1.11
 set transform-set vpnset
 match address 100
!
!
!
interface FastEthernet0/0
 ip address 10.10.11.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.12 255.255.255.0
 duplex auto
 speed auto
 crypto map vpnset
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
disable-eadi
!
!
!
!
control-plane
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end

R2-1841#

 

Thanks

Nooruddin

 

 

4 Replies

The crypto ACL on R2 is wrong, it has to be:

access-list 100 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255

And if it will be for production and not only for learning, consider migrating to Virtual Tunnel Interfaces (VTI).
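
The mirror-image rule from the reply above, as an added Python example that is not part of the original thread or of any Cisco tooling: it checks that each router's crypto ACL is the reverse of the other's and that each set peer targets the other's crypto-map interface. The config excerpts are constructed from the posted configs, the function names are hypothetical, and it assumes plain "permit ip net wildcard net wildcard" entries with contiguous wildcard masks.

```python
import re
from ipaddress import ip_network

# Constructed input: the crypto-relevant lines of the two configs posted above.
R1 = """crypto map vpnset 10 ipsec-isakmp
 set peer 192.168.1.12
 match address 100
interface FastEthernet0/1
 ip address 192.168.1.11 255.255.255.0
 crypto map vpnset
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
"""
R2_POSTED = """crypto map vpnset 10 ipsec-isakmp
 set peer 192.168.1.11
 match address 100
interface FastEthernet0/1
 ip address 192.168.1.12 255.255.255.0
 crypto map vpnset
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
"""
# R2 with the source and destination swapped, as in the ACL from the reply above.
R2_FIXED = R2_POSTED.replace("10.10.10.0 0.0.0.255 10.10.11.0",
                             "10.10.11.0 0.0.0.255 10.10.10.0")

ACL_RE = re.compile(r"^access-list (\d+) permit ip (\S+) (\S+) (\S+) (\S+)$", re.M)

def crypto_acl(config):
    """(source, destination) networks of the ACL named by 'match address'.
    ip_network() accepts a wildcard (host) mask in place of a prefix length."""
    acl_id = re.search(r"^ match address (\d+)$", config, re.M).group(1)
    return {(ip_network(f"{s}/{sw}"), ip_network(f"{d}/{dw}"))
            for num, s, sw, d, dw in ACL_RE.findall(config) if num == acl_id}

def peer_and_local(config):
    """Configured peer, and the address of the interface carrying the crypto map."""
    peer = re.search(r"^ set peer (\S+)$", config, re.M).group(1)
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        if re.search(r"^ crypto map \S+$", block, re.M):
            return peer, re.search(r"^ ip address (\S+) ", block, re.M).group(1)
    return peer, None

def check_pair(a, b):
    """Findings for a two-router tunnel; an empty list means both ends agree."""
    findings = []
    (peer_a, local_a), (peer_b, local_b) = peer_and_local(a), peer_and_local(b)
    if peer_a != local_b or peer_b != local_a:
        findings.append("peers do not point at each other's crypto-map interface")
    if crypto_acl(a) != {(dst, src) for src, dst in crypto_acl(b)}:
        findings.append("crypto ACLs are not mirror images")
    return findings
```

Calling check_pair(R1, R2_POSTED) reports the ACL mismatch, while check_pair(R1, R2_FIXED) returns an empty list.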

Hello

Sorry for the very prolonged reply. Thanks, I will check and update and then rate it.

I apologize again.

Sam Smiley
Level 3

There are a number of things missing from the config to create the VPN between the routers. I'm going to refer you to a known working walkthrough. This will give you everything you need to get this working.

http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/29240-dcmvpn.html

Cheers,

Sam

Your link is for DMVPN which really doesn't make any sense for a VPN between two routers.
