03-11-2008 11:50 AM - edited 03-03-2019 09:04 PM
Maybe I should be calling support... but I don't think this is a level 1 deal.
Basically this is a cut and paste from 2 lab 2811's with advanced ip. I don't believe I have a tunnel established here. Can anyone see anything inherently wrong? This is pretty much a cut and paste deal. I've done some troubleshooting but I don't think any packets at all have passed over the tunnel that claims to be up. Just to be given a hint on direction here will be fine. These are back to back 2811's that can ping each other's serial interfaces.
CHESTER_STANDBY#
Building configuration...
crypto pki trustpoint TP-self-signed-3378xxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3378xxxxxx
revocation-check none
rsakeypair TP-self-signed-3378xxxxxx
!
!
crypto pki certificate chain TP-self-signed-3378xxxxxx
certificate self-signed 01
{truncated}
CA5EE254 C2A3CEA1 B0274F8D 3F919734 D7AB09D3 D18146A7 9DD4A0CF F9AE4F88
C5A33DAE 741AE002 3D9EB4E7 B7611C8C 4260DF4A C54F47C0 A78E
quit
!
controller T1 0/0/0
framing esf
clock source internal
linecode b8zs
channel-group 0 timeslots 1-24
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key Amscan@80G address 10.250.99.2
!
!
crypto ipsec transform-set AMSCAN ah-sha-hmac esp-des esp-sha-hmac
mode transport
!
crypto map RockStar local-address Serial0/0/0:0
crypto map RockStar 1 ipsec-isakmp
set peer 10.250.99.2
match address 101
!
interface Tunnel1
bandwidth 1544
ip address 10.250.100.1 255.255.255.0
tunnel source 10.250.99.1
tunnel destination 10.250.99.2
crypto map RockStar
!
interface FastEthernet0/0
description ip vpn lan
ip address 10.120.250.101 255.255.0.0
duplex auto
speed auto
!
!
interface Serial0/0/0:0
ip address 10.250.99.1 255.255.255.0
crypto map RockStar
!
ip classless
ip route 10.10.0.0 255.255.0.0 Tunnel1
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 101 permit gre host 10.250.99.1 host 10.250.99.2
end
ELMSFORD VPN
ELMSFORD_VPN#sh run
Building configuration...
{truncated}
!
crypto pki trustpoint TP-self-signed-36393xxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-363xxxxx
revocation-check none
rsakeypair TP-self-signed-3639xxxxx
!
!
crypto pki certificate chain TP-self-signed-36393xxxxxx
certificate self-signed 01
6D201AA9 BE741CAD 0A57F073 D5239E4F F820EAB8 C3633F93 EC8DD543 84B95CE9
5790CCB6 E4CED486 EF489A5F E6A59A1F 8FB13666 20EE9B
quit
!
!
controller T1 0/0/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/1/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
!
crypto isakmp policy 1
authentication pre-share
lifetime 84600
crypto isakmp key Amscan@80G address 10.250.99.1
!
crypto ipsec transform-set AMSCAN ah-sha-hmac esp-des esp-sha-hmac
mode transport
!
crypto map RockStar local-address Serial0/0/0:0
crypto map RockStar 1 ipsec-isakmp
set peer 10.250.99.1
set transform-set AMSCAN
match address 101
!
!
!
!
interface Tunnel0
bandwidth 1544
ip address 10.250.100.2 255.255.255.0
tunnel source 10.250.99.2
tunnel destination 10.250.99.1
crypto map RockStar
!
interface FastEthernet0/0
description vpn lan int
ip address 10.10.250.101 255.255.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0:0
ip address 10.250.99.2 255.255.255.0
crypto map RockStar
!
ip classless
ip route 10.120.0.0 255.255.0.0 Tunnel0
!
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 101 permit gre host 10.250.99.2 host 10.250.99.1
!
!
end
03-11-2008 12:13 PM
On the CHESTER_STANDBY can you assign the transform set to the crypto map that's missing?
crypto map RockStar 1 ipsec-isakmp
set transform-set AMSCAN
HTH
Sundar
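The omission pointed out in the reply above can be caught mechanically before a config is pasted onto a router. This is an added example, not part of the thread or of any Cisco tooling: a Python check that flags `ipsec-isakmp` crypto map entries lacking `set peer`, `set transform-set` or `match address`, or naming a transform set that is never defined. The function name `audit_crypto_maps` and the list of required sub-commands are assumptions of this example.

```python
import re
REQUIRED = ("set peer", "set transform-set", "match address")  # assumed checklist

def audit_crypto_maps(config):
    """Return {(map_name, seq): [problems]} for incomplete ipsec-isakmp entries."""
    transform_sets, entries, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()  # pasted configs often lose their indentation
        m = re.match(r"crypto ipsec transform-set (\S+)", line)
        if m:
            transform_sets.add(m.group(1))
            current = None
            continue
        m = re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line)
        if m:
            current = (m.group(1), int(m.group(2)))
            entries.setdefault(current, [])
        elif current is not None and line.startswith(("set ", "match ")):
            entries[current].append(line)
        else:
            current = None  # "!" or any other command closes the entry
    findings = {}
    for key, cmds in entries.items():
        problems = [f"missing '{r}'" for r in REQUIRED
                    if not any(c.startswith(r) for c in cmds)]
        for c in cmds:
            if c.startswith("set transform-set"):
                problems += [f"undefined transform-set '{ts}'"
                             for ts in c.split()[2:] if ts not in transform_sets]
        if problems:
            findings[key] = problems
    return findings

# Constructed sample: the crypto lines of CHESTER_STANDBY as posted in the thread.
CHESTER = """\
crypto ipsec transform-set AMSCAN ah-sha-hmac esp-des esp-sha-hmac
mode transport
!
crypto map RockStar local-address Serial0/0/0:0
crypto map RockStar 1 ipsec-isakmp
set peer 10.250.99.2
match address 101
"""
# The same lines with the sub-command from the reply added.
CHESTER_FIXED = CHESTER.replace("match address", "set transform-set AMSCAN\nmatch address")

if __name__ == "__main__":
    for cfg in (CHESTER, CHESTER_FIXED):
        print(audit_crypto_maps(cfg))
```

Run against the configuration as originally posted it reports the RockStar entry 1 as missing its transform set; with the reply's line added it reports nothing.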
03-11-2008 01:48 PM
I have done that, thanks. I had the tunnel up briefly but I got lost in the weeds and rebooted... and it's gone. Thanks for your help... tomorrow's another day I guess, and at least I'm not a contractor out in the field with it...
03-12-2008 05:43 AM
Yes, a tunnel has been successfully negotiated. I am not sure why this is but maybe it's supposed to work this way... but when I try pinging the remote ethernet interface... it can't successfully process the reply that it gets, saying that it's not an ip sec packet.
Maybe that's correct????