03-04-2015 01:45 AM - edited 03-05-2019 12:56 AM
Hello,
After configuring two routers for a VPN, the command show crypto isakmp sa shows nothing. Please help, what am I missing?
hostname R1-2801
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$dbvq$s4Mk.nyB4nIhOC7wQqji.1
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key 6 vpnkey address 192.168.1.12
!
!
crypto ipsec transform-set vpnset esp-aes esp-sha-hmac
!
crypto map vpnset 10 ipsec-isakmp
set peer 192.168.1.12
set transform-set vpnset
match address 100
!
!
!
!
interface FastEthernet0/0
ip address 10.10.10.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.11 255.255.255.0
duplex auto
speed auto
crypto map vpnset
!
interface Serial0/1/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
password cisco
login
!
scheduler allocate 20000 1000
end
hostname R2-1841
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
controller E1 0/0/0
!
!
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key 6 vpnkey address 192.168.1.11
!
!
crypto ipsec transform-set vpnset esp-aes esp-sha-hmac
!
crypto map vpnset 10 ipsec-isakmp
set peer 192.168.1.11
set transform-set vpnset
match address 100
!
!
!
interface FastEthernet0/0
ip address 10.10.11.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.12 255.255.255.0
duplex auto
speed auto
crypto map vpnset
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
disable-eadi
!
!
!
!
control-plane
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
password cisco
login
!
scheduler allocate 20000 1000
end
R2-1841#
Thanks
Nooruddin
03-04-2015 05:16 AM
The crypto ACL on R2 is wrong, it has to be:
access-list 100 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
And if it will be for production and not only for learning, consider migrating to Virtual Tunnel Interfaces (VTI).
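Added example, not part of the thread or any poster's code: a small Python check of the point made in the reply above, that each router's crypto ACL must be the other's with source and destination swapped, and that each `set peer` must be the address of the other router's crypto-map interface. The config excerpts are constructed from the posted configs (re-indented the way IOS prints them), and `parse` and `check_pair` are hypothetical helper names.

```python
import re

# Constructed excerpts of the two posted configs, re-indented as IOS prints them.
R1 = """\
crypto map vpnset 10 ipsec-isakmp
 set peer 192.168.1.12
 match address 100
interface FastEthernet0/1
 ip address 192.168.1.11 255.255.255.0
 crypto map vpnset
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
"""
R2 = """\
crypto map vpnset 10 ipsec-isakmp
 set peer 192.168.1.11
 match address 100
interface FastEthernet0/1
 ip address 192.168.1.12 255.255.255.0
 crypto map vpnset
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
"""
# R2 with the ACL given in the reply above.
R2_FIXED = R2.replace("10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255",
                      "10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255")

# Only "permit ip <net> <wildcard> <net> <wildcard>" entries are handled.
ACE = re.compile(r"^access-list (\d+) permit ip (\S+ \S+) (\S+ \S+)$", re.M)

def parse(cfg):
    """Extract peer, crypto-map interface address and crypto ACL entries."""
    acl = re.search(r"^\s*match address (\d+)", cfg, re.M).group(1)
    local = None
    for block in re.findall(r"^interface \S+\n((?:[ \t]+.*\n?)*)", cfg, re.M):
        if re.search(r"^\s+crypto map \S+\s*$", block, re.M):
            local = re.search(r"ip address (\S+)", block).group(1)
    return {"peer": re.search(r"^\s*set peer (\S+)", cfg, re.M).group(1),
            "local": local,
            "aces": [(s, d) for n, s, d in ACE.findall(cfg) if n == acl]}

def check_pair(cfg_a, cfg_b):
    """Return the mismatches found between the two ends of the tunnel."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    if a["peer"] != b["local"] or b["peer"] != a["local"]:
        problems.append("peer addresses do not point at each other")
    # Each end's ACL must be the other's with source and destination swapped.
    if sorted((d, s) for s, d in a["aces"]) != sorted(b["aces"]):
        problems.append("crypto ACLs are not mirror images")
    return problems
```

Calling `check_pair(R1, R2)` reports the ACL mismatch in the configs as posted, and `check_pair(R1, R2_FIXED)` returns an empty list.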
10-28-2015 04:54 AM
Hello
Sorry for the very prolonged reply. Thanks, I will check and update and then rate it.
I apologize again.
03-06-2015 05:56 PM
There are a number of things missing from the config to create the VPN between the routers. I'm going to refer you to a known working walkthrough. This will give you everything you need to get this working.
Cheers,
Sam
03-07-2015 12:15 AM
Your link is for DMVPN which really doesn't make any sense for a VPN between two routers.