03-23-2023 09:56 AM - last edited on 03-24-2023 01:59 AM by Translator
Hi
Site-to-site VPN packets are not being encrypted and decrypted; please let me know what the problem could be.
Site-A#sh crypto ipsec sa
interface: Ethernet0/0
Crypto map tag: cryptomap, local addr 10.10.1.1
protected vrf: (none)
local ident (addr/mask/prot/port): (10.10.1.1/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.10.2.2/255.255.255.255/0/0)
current_peer 10.10.2.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 10.10.1.1, remote crypto endpt.: 10.10.2.2
path mtu 1500, ip mtu 1500, ip mtu idb Ethernet0/0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp key cisco hostname 10.10.2.2
!
!
crypto ipsec transform-set mytransform esp-aes esp-sha-hmac
mode tunnel
!
!
!
crypto map cryptomap 10 ipsec-isakmp
set peer 10.10.2.2
set transform-set mytransform
match address 100
!
!
!
!
!
interface Ethernet0/0
ip address 10.10.1.1 255.255.255.0
crypto map cryptomap
!
interface Ethernet0/1
ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router ospf 10
network 0.0.0.0 255.255.255.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip host 10.10.1.1 host 10.10.2.2
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp key cisco hostname 10.10.1.1
!
!
crypto ipsec transform-set mytransform esp-aes esp-sha-hmac
mode tunnel
!
!
!
crypto map cryptomap 10 ipsec-isakmp
set peer 10.10.1.1
set transform-set mytransform
match address 100
!
!
!
!
!
interface Ethernet0/0
ip address 10.10.2.2 255.255.255.0
crypto map cryptomap
!
interface Ethernet0/1
ip address 172.16.1.254 255.255.255.0
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router ospf 10
network 0.0.0.0 255.255.255.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip host 10.10.2.2 host 10.10.1.1
03-23-2023 10:13 AM - last edited on 03-24-2023 02:01 AM by Translator
Hello,
The access lists do not look right. Try the below:
Site-A
access-list 100 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
Site-B
access-list 100 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
03-23-2023 11:49 PM - last edited on 03-24-2023 02:04 AM by Translator
Hi,
Well, that's correct, my internal host packets are not encrypted & decrypted as defined in the access-list.
I configured the same as you said and my end users were not communicating with each other after that.
I found some misconfigured Phase 1, i.e.
crypto isakmp key cisco hostname 10.10.2.2
I corrected it to:
crypto isakmp key cisco address 10.10.2.2
Now it's working fine...
Site-A#sh crypto ipsec sa
interface: Ethernet0/0
Crypto map tag: cryptomap, local addr 10.10.1.1
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (172.16.1.0/255.255.255.0/0/0)
current_peer 10.10.2.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
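Added example, not code from the thread or from Cisco: a small Python script that reads the two "show crypto ipsec sa" excerpts posted above, flags the symptoms the original post shows (zero encaps/decaps counters, outbound SPI 0x0, and proxy identities that are only the two tunnel endpoints rather than the LAN subnets), and checks that a pair of crypto ACLs from Site-A and Site-B are exact mirrors of each other, which is what the accepted answer corrects. The sample output and ACL lines are constructed inline from the thread; the regular expressions assume the IOS output format shown in the posts.

```python
import re
from ipaddress import IPv4Network

# Constructed samples: the two "show crypto ipsec sa" excerpts from the thread,
# trimmed to the lines this script reads.
SA_BEFORE_FIX = """\
interface: Ethernet0/0
Crypto map tag: cryptomap, local addr 10.10.1.1
local ident (addr/mask/prot/port): (10.10.1.1/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.10.2.2/255.255.255.255/0/0)
current_peer 10.10.2.2 port 500
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#send errors 0, #recv errors 0
local crypto endpt.: 10.10.1.1, remote crypto endpt.: 10.10.2.2
current outbound spi: 0x0(0)
"""

SA_AFTER_FIX = """\
interface: Ethernet0/0
Crypto map tag: cryptomap, local addr 10.10.1.1
local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (172.16.1.0/255.255.255.0/0/0)
current_peer 10.10.2.2 port 500
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
#send errors 0, #recv errors 0
"""

# Crypto ACLs as posted: the original host-to-host pair and the corrected LAN-to-LAN pair.
SITE_A_ACL_ORIG = "access-list 100 permit ip host 10.10.1.1 host 10.10.2.2"
SITE_B_ACL_ORIG = "access-list 100 permit ip host 10.10.2.2 host 10.10.1.1"
SITE_A_ACL_FIXED = "access-list 100 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255"
SITE_B_ACL_FIXED = "access-list 100 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255"

IDENT_RE = re.compile(r"(local|remote) ident \(addr/mask/prot/port\): \((\S+)/(\S+)/\d+/\d+\)")
LOCAL_ADDR_RE = re.compile(r"local addr (\S+)")
PEER_RE = re.compile(r"current_peer (\S+) port")
ENCAPS_RE = re.compile(r"#pkts encaps: (\d+)")
DECAPS_RE = re.compile(r"#pkts decaps: (\d+)")
SPI_RE = re.compile(r"current outbound spi: 0x([0-9A-Fa-f]+)")
ACL_RE = re.compile(r"access-list (\d+) permit ip (host \S+|\S+ \S+) (host \S+|\S+ \S+)")


def parse_ipsec_sa(text):
    """Extract the fields that show whether an IPsec SA exists and is carrying traffic."""
    idents = {side: IPv4Network(f"{addr}/{mask}") for side, addr, mask in IDENT_RE.findall(text)}
    spi = SPI_RE.search(text)
    return {
        "local_addr": LOCAL_ADDR_RE.search(text).group(1),
        "peer": PEER_RE.search(text).group(1),
        "local_ident": idents["local"],
        "remote_ident": idents["remote"],
        "encaps": int(ENCAPS_RE.search(text).group(1)),
        "decaps": int(DECAPS_RE.search(text).group(1)),
        # None when the excerpt does not include the SPI line (as in the post-fix output)
        "outbound_spi": int(spi.group(1), 16) if spi else None,
    }


def diagnose_sa(sa):
    """Return a list of findings; an empty list means the SA is up and passing traffic."""
    findings = []
    if sa["outbound_spi"] == 0:
        findings.append("outbound SPI is 0: no IPsec SA was negotiated, so check ISAKMP phase 1 "
                        "(peer address/identity, pre-shared key, policy match) first")
    if sa["encaps"] == 0 and sa["decaps"] == 0:
        findings.append("no packets encapsulated or decapsulated: nothing matched the crypto ACL "
                        "or the tunnel never came up")
    endpoints = {IPv4Network(f"{sa['local_addr']}/32"), IPv4Network(f"{sa['peer']}/32")}
    if {sa["local_ident"], sa["remote_ident"]} == endpoints:
        findings.append("proxy identities are the tunnel endpoints themselves (/32): the crypto ACL "
                        "selects router-to-router traffic only, not the LAN subnets behind them")
    return findings


def _prefix(token):
    """'host 10.10.1.1' -> 10.10.1.1/32; '192.168.1.0 0.0.0.255' -> 192.168.1.0/24 (wildcard mask)."""
    if token.startswith("host "):
        return IPv4Network(f"{token.split()[1]}/32")
    addr, wildcard = token.split()
    return IPv4Network(f"{addr}/{wildcard}")  # ipaddress accepts a hostmask (wildcard) here


def parse_crypto_acl(config):
    """Return the set of (source, destination) pairs a crypto ACL selects for encryption."""
    return {(_prefix(src), _prefix(dst)) for _, src, dst in ACL_RE.findall(config)}


def acls_mirror(site_a_acl, site_b_acl):
    """Each side's crypto ACL must be the exact mirror of its peer's or phase 2 proxy IDs will not match."""
    return {(dst, src) for src, dst in site_a_acl} == site_b_acl


if __name__ == "__main__":
    for label, text in (("before fix", SA_BEFORE_FIX), ("after fix", SA_AFTER_FIX)):
        sa = parse_ipsec_sa(text)
        print(f"{label}: encaps={sa['encaps']} decaps={sa['decaps']} "
              f"proxy {sa['local_ident']} <-> {sa['remote_ident']}")
        for finding in diagnose_sa(sa):
            print("  -", finding)
    print("original ACLs mirror each other:",
          acls_mirror(parse_crypto_acl(SITE_A_ACL_ORIG), parse_crypto_acl(SITE_B_ACL_ORIG)))
    print("corrected ACLs mirror each other:",
          acls_mirror(parse_crypto_acl(SITE_A_ACL_FIXED), parse_crypto_acl(SITE_B_ACL_FIXED)))
```

Note that both the original host-to-host ACLs and the corrected LAN-to-LAN ACLs pass the mirror check; the mirror test catches asymmetric edits (one side changed and the other not), while the proxy-identity finding from diagnose_sa is what points at the original post's ACL selecting only the peer addresses.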