Site to Site, Encrypt tunnel

1mroberts
Level 1

I have a point-to-point T1 with 2x2811 routers. I need to encrypt the data passing between the two routers. I have tried using several types of VPN tunnels with limited success. Pings and trace routes work but none of my applications work.


royalblues
Level 10

Can you post your configs?

Here is a sample we do

Router 1

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key address
crypto ipsec transform-set test esp-3des esp-md5-hmac
crypto map test 1 ipsec-isakmp
 set peer
 set transform-set test
 match address 105
access-list 105 permit ip

Router 2

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key address
crypto ipsec transform-set test esp-3des esp-md5-hmac
crypto map test 1 ipsec-isakmp
 set peer
 set transform-set test
 match address 105
access-list 105 permit ip

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html

HTH

Narayan

Mike,

If you are able to ping and traceroute after VPN tunnel comes up then there mayn't be a configuration issue. The symptom you described about the application connectivity issue frequently happens as a result of MTU problems due to IPSEC overhead. Can you try configuring the command 'ip tcp adjust-mss 1440' under the ethernet interface facing the LAN and test your applications?

If you are still having issues then can you provide us a sanitized copy of the configuration?

HTH

Sundar
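
Added example, not part of the reply above or of the original thread: the packet-size arithmetic behind the IPsec-overhead symptom, worked for the esp-3des esp-md5-hmac transform set from the sample config in ESP tunnel mode. The 1500-byte path MTU, plain IPv4 and TCP headers without options, the absence of NAT-T or GRE, and all function names are assumptions.

```python
"""ESP tunnel-mode size arithmetic (added example, not from the thread)."""
from dataclasses import dataclass

IPV4_HDR = 20     # IPv4 header without options (inner and outer)
TCP_HDR = 20      # TCP header without options
ESP_HDR = 8       # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad-length (1 byte) + next-header (1 byte)
PATH_MTU = 1500   # assumed MTU of the link between the two routers

@dataclass(frozen=True)
class Transform:
    block: int  # cipher block size; payload + trailer is padded to a multiple
    iv: int     # per-packet IV carried after the ESP header
    icv: int    # truncated integrity check value appended to the packet

# esp-3des esp-md5-hmac: 8-byte blocks, 8-byte IV, HMAC-MD5-96 (12-byte ICV)
ESP_3DES_MD5 = Transform(block=8, iv=8, icv=12)

def encapsulated_size(inner_len: int, t: Transform) -> int:
    """On-the-wire size of an inner IP packet after ESP tunnel mode."""
    padded = -(-(inner_len + ESP_TRAILER) // t.block) * t.block  # round up
    return IPV4_HDR + ESP_HDR + t.iv + padded + t.icv

def max_inner_packet(path_mtu: int, t: Transform) -> int:
    """Largest inner IP packet whose encapsulated form fits in path_mtu."""
    room = path_mtu - IPV4_HDR - ESP_HDR - t.iv - t.icv
    return (room // t.block) * t.block - ESP_TRAILER

def max_mss(path_mtu: int, t: Transform) -> int:
    """Largest TCP MSS that never needs fragmentation after encryption."""
    return max_inner_packet(path_mtu, t) - IPV4_HDR - TCP_HDR

def report(path_mtu: int, mss_values, t: Transform):
    """(mss, wire size of a full segment, fits in path_mtu) per MSS value."""
    rows = []
    for mss in mss_values:
        wire = encapsulated_size(mss + IPV4_HDR + TCP_HDR, t)
        rows.append((mss, wire, wire <= path_mtu))
    return rows

if __name__ == "__main__":
    # A small ping passes easily, which is why ping and traceroute succeed.
    print("100-byte ping ->", encapsulated_size(100, ESP_3DES_MD5), "bytes")
    best = max_mss(PATH_MTU, ESP_3DES_MD5)
    for mss, wire, fits in report(PATH_MTU, [1460, 1440, best], ESP_3DES_MD5):
        print(f"MSS {mss}: full segment is {wire} bytes, fits={fits}")
```

Under these assumptions a full-size segment only fits unfragmented at an MSS of 1406 or below; larger values depend on fragmentation or path MTU discovery working end to end.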

Joseph W. Doherty
Hall of Fame

When you note ping and trace route work, you're sure they are using the actual tunnel? Also, do they work from devices on the LAN sides or sourced from the routers' LAN interfaces?
