
site to site vpn, pre-shared key is missing

noob_route
Level 1

My config is all right,

here's config:

SPOKE1:

Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 1.1.1.4 YES NVRAM up up
FastEthernet0/1 192.168.30.1 YES manual up up
FastEthernet1/0 unassigned YES NVRAM administratively down down
FastEthernet1/1 2.2.2.4 YES NVRAM up up

crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.5
crypto isakmp key FORISP2 address 2.2.2.5
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.5
set transform-set ISP1SET
match address 100
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.5
set transform-set ISP2SET
match address 100
crypto map ISP1MAP
crypto map ISP2MAP

 

 

========================================================================

 

HUB1 :

Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 1.1.1.2 YES NVRAM up up
FastEthernet0/1 192.168.10.2 YES NVRAM up up
FastEthernet1/0 unassigned YES NVRAM administratively down down
FastEthernet1/1 2.2.2.2 YES NVRAM up up

 

 

crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.4
crypto isakmp key FORISP2 address 2.2.2.4
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.4
set transform-set ISP1SET
match address 100
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.4
set transform-set ISP2SET
match address 100
crypto map ISP1MAP
crypto map ISP2MAP

4 Replies

Hello,

 

What is the problem exactly? Post the full running configurations of both sides...

When I try to ping from 192.168.50.2/24 to 192.168.30.2/24, it shows a key missing message in the CLI of the HQ-Active router and the SPOKE1 router; also, no ping replies are received.

HQ-Active router - ERROR_MESSAGE: *Dec 2 19:18:51.335: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 1.1.1.4

HQ-Active router - ERROR_MESSAGE: *Dec 2 19:21:33.835: %CRYPTO-6-IKMP_NO_PRESHARED_KEY: Pre-shared key for remote peer at 1.1.1.2 is missing

 

 

HQ-ACTIVE router

redundancy
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.4
crypto isakmp key FORISP2 address 2.2.2.4
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.4
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.4
set transform-set ISP2SET
match address 100
!
!
!
!
!
!
interface FastEthernet0/0
description ***ISP-1-PRIMARY***
ip address 1.1.1.2 255.255.255.0
duplex auto
speed auto
standby 2 ip 1.1.1.5
standby 2 priority 110
standby 2 preempt
standby 2 name wlanisp1
crypto map ISP1MAP
!
!
interface FastEthernet0/1
description ***LAN-INTERFACE***
ip address 192.168.10.2 255.255.255.0
duplex auto
speed auto
standby 1 ip 192.168.10.5
standby 1 priority 110
standby 1 preempt
standby 1 name inlan
!
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
!
interface FastEthernet1/1
description ***ISP-2-SECONDARY***
ip address 2.2.2.2 255.255.255.0
duplex auto
speed auto
standby 3 ip 2.2.2.5
standby 3 priority 110
standby 3 preempt
standby 3 name wanisp2
crypto map ISP2MAP
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 192.168.30.0 255.255.255.0 1.1.1.4
ip route 192.168.30.0 255.255.255.0 2.2.2.4 10
ip route 192.168.50.0 255.255.255.0 192.168.10.4
!
access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.30.0 0.0.0.255
nls resp-timeout 1
cpd cr-id 1
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
shutdown
!
!

 

HQ_STANDBY router

 

redundancy
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.4
crypto isakmp key FORISP2 address 2.2.2.4
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.4
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.4
set transform-set ISP2SET
match address 100
!
!
!
!
!
!
interface FastEthernet0/0
description ***ISP-1-PRIMARY***
ip address 1.1.1.1 255.255.255.0
duplex auto
speed auto
standby 2 ip 1.1.1.5
standby 2 preempt
standby 2 name wanisp1
crypto map ISP1MAP
!
!
interface FastEthernet0/1
description ***LAN-INTERFACE***
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
standby 1 ip 192.168.10.5
standby 1 preempt
standby 1 name inlan
!
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
!
interface FastEthernet1/1
description ***ISP-2-SECONDARY***
ip address 2.2.2.1 255.255.255.0
duplex auto
speed auto
standby 3 ip 2.2.2.5
standby 3 preempt
standby 3 name wanisp2
crypto map ISP2MAP
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 192.168.10.0 255.255.255.0 1.1.1.4
ip route 192.168.10.0 255.255.255.0 2.2.2.4 10
ip route 192.168.50.0 255.255.255.0 192.168.10.4
!
access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.30.0 0.0.0.255
nls resp-timeout 1
cpd cr-id 1
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
shutdown
!
!

 

SPOKE1

 

!
redundancy
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.5
crypto isakmp key FORISP2 address 2.2.2.5
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.5
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.5
set transform-set ISP2SET
match address 100
!
!
!
!
!
!
interface FastEthernet0/0
description ***ISP-1-PRIMARY***
ip address 1.1.1.4 255.255.255.0
duplex auto
speed auto
crypto map ISP1MAP
!
!
interface FastEthernet0/1
description ***ISP-2-SECONDARY***
ip address 192.168.30.1 255.255.255.0
duplex auto
speed auto
!
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
!
interface FastEthernet1/1
description ***ISP-2-SECONDARY***
ip address 2.2.2.4 255.255.255.0
duplex auto
speed auto
crypto map ISP2MAP
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 1.1.1.5
ip route 0.0.0.0 0.0.0.0 2.2.2.5 10
!
access-list 100 permit ip 192.168.30.0 0.0.0.255 192.168.50.0 0.0.0.255
nls resp-timeout 1
cpd cr-id 1
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
shutdown
!

 

For DMVPN, the IPsec key should be configured as:
password # address 0.0.0.0 <- on the Hub
password # address 0.0.0.0 <- on the Spoke, "to make Spoke to Spoke connect"

THANK YOU EVERYONE, I FOUND THE ANSWER.

 

I just mapped the crypto map with redundancy, as I pointed the spoke to the VIP of the HUB; therefore

command on interface: crypto map [mapname] redundancy [standbyname]
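
The mismatch behind the IKMP_NO_PRESHARED_KEY message in this thread, as an added example that is not part of the original posts: a small checker that works out which address each router sources IKE from (the interface address, or the HSRP virtual IP when the crypto map is applied with redundancy) and reports addresses the other side has no pre-shared key for. The function names and the trimmed sample configs are constructed for illustration.

```python
import re

# Constructed samples, trimmed from the configurations posted in this thread.
SPOKE = """\
crypto isakmp key FORISP1 address 1.1.1.5
!
interface FastEthernet0/0
 ip address 1.1.1.4 255.255.255.0
 crypto map ISP1MAP
!
"""
HUB = """\
crypto isakmp key FORISP1 address 1.1.1.4
!
interface FastEthernet0/0
 ip address 1.1.1.2 255.255.255.0
 standby 2 ip 1.1.1.5
 standby 2 name wanisp1
 crypto map ISP1MAP{suffix}
!
"""
HUB_BEFORE = HUB.format(suffix="")
HUB_AFTER = HUB.format(suffix=" redundancy wanisp1")

def ike_source_addrs(cfg):
    """Map each interface-applied crypto map to the address IKE is sourced from."""
    sources = {}
    for block in re.split(r"\n(?=interface )", cfg):
        if not block.startswith("interface "):
            continue
        block = block.split("\n!")[0]  # interface stanza ends at the next "!"
        ip = re.search(r"^\s*ip address (\S+)", block, re.M)
        cm = re.search(r"^\s*crypto map (\S+)(?: redundancy (\S+))?", block, re.M)
        if not (ip and cm):
            continue
        addr = ip.group(1)  # default: the interface's own address
        if cm.group(2):  # bound to an HSRP group by name: the group's VIP is used
            grp = re.search(rf"^\s*standby (\d+) name {re.escape(cm.group(2))}\s*$", block, re.M)
            vip = grp and re.search(rf"^\s*standby {grp.group(1)} ip (\S+)", block, re.M)
            addr = vip.group(1) if vip else addr
        sources[cm.group(1)] = addr
    return sources

def missing_psk(local_cfg, remote_cfg):
    """Remote IKE source addresses for which local_cfg has no pre-shared key."""
    keyed = set(re.findall(r"^\s*crypto isakmp key \S+ address (\S+)", local_cfg, re.M))
    if "0.0.0.0" in keyed:  # wildcard key matches any peer
        return []
    return sorted(a for a in ike_source_addrs(remote_cfg).values() if a not in keyed)

if __name__ == "__main__":
    print(missing_psk(SPOKE, HUB_BEFORE), missing_psk(SPOKE, HUB_AFTER))
```

Run against the sample, the spoke is missing a key for 1.1.1.2 before the change and for nothing once the hub's crypto map is bound to the standby group.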
